last executing test programs:

12m22.310040363s ago: executing program 32 (id=254):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x2, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BTRFS_IOC_QGROUP_CREATE(r1, 0x4010942a, &(0x7f0000000040)={0x0, 0x9})
readv(r0, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0xfffffcd9}, {0x0, 0x2000}], 0x2)
copy_file_range(r0, &(0x7f0000000000)=0xff, r1, 0x0, 0x10, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)

11m48.495075713s ago: executing program 33 (id=825):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x17e)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x380, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfaf, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

11m19.738529685s ago: executing program 34 (id=1235):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000024d564b000000000b"])
close_range(r0, 0xffffffffffffffff, 0x0)

8m7.313766085s ago: executing program 35 (id=3767):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="30000000000000000000000007000000441c6693ac1414aa00000001e000000200000dcd0a01010100000057940401001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac14143bac14142b000000001400000000000000000000000200000009000000000000001c0000000000000000000000080000", @ANYRES32, @ANYBLOB="ac1e00016401010200000000110000000000000000000000010000244d0da70000000000bb8c9062bdb19b57be93a01743d7ee2f1ac68fb8b2b8034ab659ee45761ec8ac3e4408a491800d1e4fe05f99cc15c7a975a8"], 0xa0}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1000, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x2, 0x40)
rt_sigaction(0x40000022, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0xa85, 0x4)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000000000000b4000040"])
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'lock', ' ', 'none'}, 0xa)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000fc0), 0x0, 0x0, 0x0})

7m45.939175467s ago: executing program 36 (id=4259):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xf788, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (async)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xf788, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x20, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x11}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x20, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x11}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

7m40.498148501s ago: executing program 8 (id=4359):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x2208008, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
ioctl$TFD_IOC_SET_TICKS(r1, 0x40085400, &(0x7f00000000c0)=0x4)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x5, 0x0, 0x3f}}, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000009c0)={0x5c, 0x0, &(0x7f0000000880)=[@decrefs={0x40046307, 0x1}, @increfs={0x40046304, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000680)={0x30, 0x30, 0x30}}, 0x400}], 0x4, 0x0, &(0x7f0000000940)="8a0ac8d1"})

7m39.614751098s ago: executing program 8 (id=4375):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000400)={0x0, 0xc0, 0x80, &(0x7f0000000000)=[0x1, 0x5, 0x4, 0x9, 0xd162, 0x7ff, 0x90cd, 0x3e3, 0x4, 0xef26, 0x1, 0x3, 0x100, 0x1000, 0x4, 0x4, 0x7, 0x5, 0x4, 0x1, 0x8fc, 0x2, 0x3, 0x2, 0x839, 0x1, 0x7f, 0xa6, 0x4, 0x1, 0xfffffffffffffffb, 0x1, 0x2842, 0x9, 0xffffffff, 0x1, 0x4, 0x80000000, 0x40, 0x5, 0x8, 0x984, 0x8, 0x100, 0x8000000000000000, 0x9, 0xdbe8, 0xfffffffffffffffd, 0x80000001, 0x7fffffff, 0x9, 0xa400000000000000, 0x334, 0xd8c, 0x3, 0x9a3, 0x1, 0x7fff, 0x8, 0x9, 0x6, 0x1, 0xfff, 0x1, 0x3ade, 0x7, 0x200, 0x0, 0x200, 0x0, 0x8, 0x6, 0x10000, 0xa, 0x5, 0x6f39, 0x3, 0x2, 0x2, 0x9, 0x0, 0xfffffffffffffff4, 0x100, 0x80, 0xca, 0xfffffffffffffffb, 0xde07, 0x4, 0x8, 0x8, 0x6073, 0xb, 0x7, 0x3, 0x2, 0x8, 0x499, 0x0, 0x8000000000000000, 0x6, 0xc0000, 0x9, 0x0, 0x7c, 0x7, 0x1, 0x1, 0x3, 0x6, 0x7, 0x1, 0x4, 0x9, 0x100, 0x1ff, 0xa5f, 0x2, 0x0, 0x40, 0x4, 0x401, 0xcd1c, 0x80000000, 0x6, 0xfff, 0xfffffffffffffff4, 0x5, 0x1]}) (async, rerun: 64)
r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000480)=0x1c, 0x80800) (rerun: 64)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000004c0)) (async, rerun: 32)
r1 = dup(r0) (rerun: 32)
ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000500)={'team0\x00', {0x2, 0x0, @multicast1}})
poll(&(0x7f0000000540)=[{r1, 0x240}], 0x1, 0x1ff) (async)
truncate(&(0x7f0000000580)='./file0\x00', 0x6) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs2/binder0\x00', 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000600)={0x2}) (async, rerun: 32)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000640)={'veth1_virt_wifi\x00', 0x1}) (rerun: 32)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000680), 0x101400, 0x0)
ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000006c0)) (async)
ioctl$BINDER_GET_EXTENDED_ERROR(r1, 0xc00c6211, &(0x7f0000000700))
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000740)=0x8, 0x4) (async, rerun: 64)
finit_module(r1, &(0x7f0000000780)='/dev/net/tun\x00', 0x2) (async, rerun: 64)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f00000007c0)={0xc5, 0x0, r1}) (async, rerun: 32)
truncate(&(0x7f0000000840)='./file0\x00', 0x80000000) (rerun: 32)
openat$dir(0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00', 0x200800, 0x8) (async)
setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f00000008c0), 0x2)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000000900)={0x1, 0x0, [{0x40000001, 0x1, 0x3, 0x400, 0x0, 0x80000001, 0x7fffffff}]}) (async)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000940)={0x0, 0x9, [0x2800, 0x7, 0x1, 0x3e5d, 0x0, 0xcfaa]}) (async)
r4 = open(&(0x7f0000000980)='./file0\x00', 0x41, 0x2) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000009c0)={<r5=>0xffffffffffffffff})
getpeername$unix(r5, &(0x7f0000000a00), &(0x7f0000000a80)=0x6e) (async)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000b00)={0x80}) (async)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r3, 0x40309410, &(0x7f0000000bc0)={0x9, 0x2, 0x6, 0xdd, 0x3, [0x6, 0x1ff, 0x8, 0x13]}) (async)
ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000c40)=@arm64_fp={0x6040000000100082, &(0x7f0000000c00)=0x31})
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000c80)={0x7, {{0xa, 0x4e24, 0x8, @rand_addr=' \x01\x00', 0x2}}, {{0xa, 0x4e23, 0x3, @local, 0x8}}}, 0x108)

7m39.614151548s ago: executing program 8 (id=4376):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe69000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r1=>0xffffffffffffffff})
recvmmsg(0xffffffffffffffff, &(0x7f000000a100)=[{{0x0, 0x0, 0x0}, 0x2}], 0x40001b2, 0x40002040, 0x0) (async)
sendmsg$inet(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x200000, 0x0, 0xff, 0x1, 0x0, 0x4}, 0x20) (async, rerun: 32)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x200000, 0x2, 0x0, 0x1, 0x3}, 0x20) (async, rerun: 32)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async, rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async, rerun: 64)
read(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17)

7m39.522356649s ago: executing program 8 (id=4381):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r1 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a05004, 0x0)
mount(&(0x7f0000000140)=@md0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='pstore\x00', 0x1800000, &(0x7f0000000200)='--^}*&+++,@\x00')
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
r3 = openat$cgroup(r0, &(0x7f0000000700)='syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000740)={0x71000, &(0x7f0000000100), &(0x7f0000000240), &(0x7f0000000280), {0x2a}, &(0x7f0000000440)=""/137, 0x89, &(0x7f0000000500)=""/148, &(0x7f00000006c0), 0x0, {r3}}, 0x58)
open_tree(r0, &(0x7f00000000c0)='./file0\x00', 0x1000)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
listen(r4, 0x3)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
madvise(&(0x7f00000de000/0x3000)=nil, 0x3000, 0x19)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r7 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendto$packet(r6, &(0x7f0000000140)="280320000a00140000007ef506be00000000000000000000000000143baa111f1f858ce632f47042195eb3cf545a41b6d78839980700e67bee78895e16f37fe8", 0xffa9, 0x400c010, &(0x7f0000000080)={0x11, 0x3, r8, 0x1, 0xe5, 0x6, @random="76caa646ae4c"}, 0x14)
syz_open_dev$loop(&(0x7f0000000000), 0x5218, 0x200000)
r9 = syz_clone3(&(0x7f0000000340)={0x200000000, 0x0, 0x0, 0x0, {0x3a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58)
fcntl$lock(r0, 0x24, &(0x7f00000001c0)={0x2, 0x0, 0x401, 0x9, r9})
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000de000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x101)

7m39.5177657s ago: executing program 8 (id=4383):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000080), 0x7fffffffffffffff, 0x301000)
read$hidraw(r1, &(0x7f0000000240)=""/28, 0x1c)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
keyctl$invalidate(0x15, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
keyctl$invalidate(0x15, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x1, 0x5, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="c744240077dd0000c74424027fbe0000c7442406000000000f011c24b8010000000f01c1450f01ca470f01f866baf80cb8e4f61882ef66bafc0c66b8795966ef40250000000066b8de000f00d02e0f005ffa0f01c92e640fc71f", 0x5a}], 0x1, 0xe8, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x2, 0x0, 0x2, 0xd, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xa}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x7, @local}}]}, 0x68}, 0x1, 0x7}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r6 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x324, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x5, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r7, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000020000210d0000aaa8fa017242ba9380d412000000000000002900000003000000", 0xeb0e7a7d4c6f0553)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000001280))
syz_usb_control_io(r6, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="600105000000a40db1a7"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d52f90b9b39094bf70e06d038e7ff7fc6e5539b324b298b089b3208376d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31310d075d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1040}}, 0x1006)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000300)={[0x2, 0x23, 0x8000000000000001, 0x10000, 0x4, 0xffffffff7fffffff, 0xfff, 0x3, 0x9b9, 0xfff, 0xe, 0x3, 0x2b5f7546, 0xfffffffffffffc00, 0x400, 0xffff], 0x100000, 0x1e8b07})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x200b, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x4, 0x2, 0x32}, @flat=@weak_binder={0x77622a85, 0xa, 0x3}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x1000}], 0x0, 0x0, 0x0})

7m39.450938881s ago: executing program 8 (id=4384):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
capset(0x0, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
removexattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@random={'user.', 'nl80211\x00'})
readv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0x1000}, {0x0, 0xfffffe28}], 0x2)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000100))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001180)={0x2c, r1, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3}]}]}]}, 0x2c}}, 0x20000000)
syz_open_procfs(0x0, &(0x7f0000000080)='auxv\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000280)={0x2, {0x5eba, 0x6, 0xa36, 0x7ff, 0x40, 0x80000000}})
chdir(&(0x7f0000000100)='./file0\x00')
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@weak_binder={0x77622a85, 0x100a, 0x1}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x28}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

7m39.390363192s ago: executing program 37 (id=4384):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
capset(0x0, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
removexattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@random={'user.', 'nl80211\x00'})
readv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0x1000}, {0x0, 0xfffffe28}], 0x2)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000100))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001180)={0x2c, r1, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3}]}]}]}, 0x2c}}, 0x20000000)
syz_open_procfs(0x0, &(0x7f0000000080)='auxv\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000280)={0x2, {0x5eba, 0x6, 0xa36, 0x7ff, 0x40, 0x80000000}})
chdir(&(0x7f0000000100)='./file0\x00')
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@weak_binder={0x77622a85, 0x100a, 0x1}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x28}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

3m45.869239863s ago: executing program 0 (id=8832):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) (async)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) (async)
r2 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2) (async)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

3m45.742914006s ago: executing program 0 (id=8835):
signalfd4(0xffffffffffffffff, &(0x7f0000001400)={[0xffffffffffffffff]}, 0x8, 0x80000)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @private=0xa010100}, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

3m45.663267637s ago: executing program 0 (id=8838):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x27b, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r1 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
write(r0, &(0x7f0000000200)="89", 0xffe3)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000000)=ANY=[@ANYBLOB="636f6e74657874ccf0d4f05b379200ee000000000000000007c92e93c31fddfe210a7dce7f4826"])

3m45.655461717s ago: executing program 0 (id=8839):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
recvmsg$can_raw(r0, &(0x7f0000000300)={&(0x7f0000000280)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000200)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1, &(0x7f0000002400)=""/254, 0xfe}, 0x2042)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={0x0, 0x1100}, 0x1, 0x7}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'gre0\x00'})
prlimit64(0x0, 0x6, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0)
setsockopt$packet_int(r2, 0x107, 0x11, &(0x7f00000001c0)=0x80, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000400)={0x0, 0x1, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[], 0xa0}, 0x1, 0xfffff000}, 0x8000)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x40106726, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
r5 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40088a01, &(0x7f00000000c0)=0x8000)
r6 = socket(0x10, 0x803, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000080))
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x1, 0x4, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20008045}, 0x0)
syz_open_dev$loop(0x0, 0x7, 0x180862)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
write(r7, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

3m45.621790988s ago: executing program 0 (id=8840):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x1090c18, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
getdents64(r1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x2, 0x110)
close_range(r0, 0xffffffffffffffff, 0x0)

3m45.551432s ago: executing program 0 (id=8841):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_opts(r3, 0x29, 0x36, 0x0, &(0x7f0000000440))
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}], [], 0x6b}})
r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r5 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r5, r4, 0x0, 0xffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000240), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) (async)
dup(r1) (async)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
getsockopt$inet6_opts(r3, 0x29, 0x36, 0x0, &(0x7f0000000440)) (async)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50) (async)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}], [], 0x6b}}) (async)
syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00') (async)
open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) (async)
sendfile(r5, r4, 0x0, 0xffffffff) (async)

3m45.55129814s ago: executing program 38 (id=8841):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_opts(r3, 0x29, 0x36, 0x0, &(0x7f0000000440))
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}], [], 0x6b}})
r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r5 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r5, r4, 0x0, 0xffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000240), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) (async)
dup(r1) (async)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
getsockopt$inet6_opts(r3, 0x29, 0x36, 0x0, &(0x7f0000000440)) (async)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50) (async)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}], [], 0x6b}}) (async)
syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00') (async)
open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) (async)
sendfile(r5, r4, 0x0, 0xffffffff) (async)

1m38.758875531s ago: executing program 3 (id=11462):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000001040), 0x2002, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$FUSE_LK(r1, &(0x7f0000000600)={0x28, 0x0, 0x0, {{0x0, 0x8, 0x2}}}, 0x28)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x22000, 0x2)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000080)='\x00', &(0x7f00000000c0)='./file0\x00', r2)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

1m38.657797753s ago: executing program 3 (id=11463):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
pipe2$9p(&(0x7f0000000580), 0x80000) (async)
pipe2$9p(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
syz_usb_connect$uac1(0x0, 0x9f, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109028d0003010000000904000000010100000a24010000000201020624040000520b2405000053f11ee5f7260b24050000133b9bda531c090501000001020000090401010101020000090501090000000000072501000000000904020000010200000904020101010200000b240209000200018b7e8e0724010000000009058209ff"], 0x0)
r2 = dup(r1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000740), r3)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="25032abd7000fcdbdf251300000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x40000000}, 0x40)
write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18}, 0x18) (async)
write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18}, 0x18)
dup(r1) (async)
dup(r1)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000001200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c64656275671c307830303030303030303030303030303037ee00"])
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000001380)={0x1f, 0x1, 0x3}, 0x6) (async)
bind$bt_hci(r5, &(0x7f0000001380)={0x1f, 0x1, 0x3}, 0x6)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') (async)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r6, &(0x7f0000000200)=""/4087, 0xff7, 0xd37)

1m37.386657678s ago: executing program 3 (id=11482):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder0\x00', 0x1802, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TCFLSH(r1, 0x400455c8, 0x4)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e)
r3 = socket(0x2, 0x2, 0x1)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
writev(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193df163e75963f86ddf06712", 0x15}], 0x1)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000001340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x86000020)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r0, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0, 0xfe29}], 0x1, 0x48, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m36.74386733s ago: executing program 3 (id=11496):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xc5)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ftruncate(r0, 0xde34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x12, r0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
lstat(&(0x7f0000000100)='./bus\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',lazytime,subj_type=,euid=', @ANYRESDEC, @ANYBLOB="2c657547fe7342e746c59f245414cd7c457869643c13c2ac5c964400c24eb9e47fc75d9390eff0420f4128841f9ef63afa900dc308000000000000007c0051b148bf35386043551cd429539d6f475c3ad986ef41281c6848240b3657276317563f5358a234fdbb8ed8209191c0a3fa654776b96c6de0fb09d1cfe17b6cbf0f9cd79d19626a807729128a01b732ddb5c27b134552f7e482ccfe6d0402e758cefe591332a9635e82a82b05bdf6f7c66ae6da89497643f9fdae831b38d8443a3dcd0f72c2523261273a1156c917df2357f5813e0b5128a20bd9d1af9d281c4191125295", @ANYRESDEC=r2, @ANYBLOB=',euid<', @ANYRESDEC=0xee01, @ANYBLOB=',measure,\x00'])
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r4, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x18, 0x0, &(0x7f00000002c0)=[@decrefs={0x400c6314, 0x4}, @clear_death={0x400c630f, 0x3}], 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f0000000280)={[{@nr_inodes}]})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)

1m36.670883121s ago: executing program 3 (id=11497):
getpgid(0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x20042, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, 0x0)
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r5, 0x2, 0x3)
sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0xc, 0x1, 0x7, 0x2, 0x0, 0x70bd29, 0x25dfdbfb}, 0x10}}, 0xaa2a0f15ed042410)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = socket$inet6(0xa, 0x80001, 0x0)
sendmmsg(r6, &(0x7f0000005fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
sched_rr_get_interval(0x0, &(0x7f0000000380))
close_range(r0, 0xffffffffffffffff, 0x0)

1m36.646194232s ago: executing program 3 (id=11499):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000000a40)={0x2020}, 0x2020)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]})

1m36.558308013s ago: executing program 39 (id=11499):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000000a40)={0x2020}, 0x2020)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]})

1m28.118163647s ago: executing program 6 (id=11669):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x2000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3)
unshare(0x2040400)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
r3 = fcntl$dupfd(r2, 0x406, r2)
setns(r3, 0x2000000)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
lseek(r0, 0xfffffffffffffff5, 0x1)

1m28.116978817s ago: executing program 6 (id=11670):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000001040), 0x2002, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_i', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$FUSE_LK(r1, &(0x7f0000000600)={0x28, 0x0, 0x0, {{0x0, 0x8, 0x2}}}, 0x28)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x22000, 0x2)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000080)='\x00', &(0x7f00000000c0)='./file0\x00', r2)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

1m28.036772118s ago: executing program 6 (id=11672):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x80000000003})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x16}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/193, 0xc1, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})

1m27.96354994s ago: executing program 6 (id=11673):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x40000100000200)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f00000002c0)={@val={0x0, 0x6005}, @void, @eth={@multicast, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x26, 0x14, 0x68, 0x0, 0x7, 0x2f, 0x0, @loopback, @multicast1}}}}}}, 0x26)
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0xa8ca3411d1c26009, 0x13, r0, 0x98b2f000)

1m27.96272395s ago: executing program 6 (id=11674):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x40, &(0x7f0000000000)=0x3d, 0x4)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@seclabel}]})

1m27.9622256s ago: executing program 6 (id=11675):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r1, 0x11, 0xa, &(0x7f0000000000)=0x4, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c010000100033060000000000080000fe8000000000000000000000000000aaffffffff08000000000000000000000040000000800400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143f0000000000000000000000000000000032000000fe80000000000000000000000000003f2703000000000000090000000000000000000000000000000400000000000000ff0f00000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000800000029bd7000000000000a000100000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040002005e2100000000ac14143f00000000000000000000000008000b00ff070000"], 0x15c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
syz_usb_connect(0x0, 0xb8, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000bd3ebb0803045071e0eb000000010902a60001fe0000030904"], 0x0)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
pwritev(r5, &(0x7f0000000100)=[{&(0x7f00000000c0)='A', 0x1}], 0x1, 0x1, 0xc40)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
r7 = creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r8=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000004500), 0x800, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
bind$inet(r6, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r9, 0x107, 0xc, &(0x7f0000000080)=0xfffffffe, 0x4)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCMGET(r10, 0x5423, &(0x7f0000007000))
ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0xb, 0xe8, 0x401, 0x3, 0xffff, 0x8000000000000004, 0x8000000000000001, 0x80000001, 0x1, 0x1fe, 0x3, 0xfff, 0xfffffffffffffffe, 0x100000000038, 0x2, 0x9], 0x0, 0x2280})
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x80004, 0x6)
setreuid(0xffffffffffffffff, 0x0)
lseek(r11, 0x0, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

1m12.905704671s ago: executing program 40 (id=11675):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r1, 0x11, 0xa, &(0x7f0000000000)=0x4, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c010000100033060000000000080000fe8000000000000000000000000000aaffffffff08000000000000000000000040000000800400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143f0000000000000000000000000000000032000000fe80000000000000000000000000003f2703000000000000090000000000000000000000000000000400000000000000ff0f00000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000800000029bd7000000000000a000100000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040002005e2100000000ac14143f00000000000000000000000008000b00ff070000"], 0x15c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
syz_usb_connect(0x0, 0xb8, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000bd3ebb0803045071e0eb000000010902a60001fe0000030904"], 0x0)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
pwritev(r5, &(0x7f0000000100)=[{&(0x7f00000000c0)='A', 0x1}], 0x1, 0x1, 0xc40)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
r7 = creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r8=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000004500), 0x800, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
bind$inet(r6, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r9, 0x107, 0xc, &(0x7f0000000080)=0xfffffffe, 0x4)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCMGET(r10, 0x5423, &(0x7f0000007000))
ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0xb, 0xe8, 0x401, 0x3, 0xffff, 0x8000000000000004, 0x8000000000000001, 0x80000001, 0x1, 0x1fe, 0x3, 0xfff, 0xfffffffffffffffe, 0x100000000038, 0x2, 0x9], 0x0, 0x2280})
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x80004, 0x6)
setreuid(0xffffffffffffffff, 0x0)
lseek(r11, 0x0, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

26.527313777s ago: executing program 5 (id=12629):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000680)={@mcast2, 0x9884, 0x0, 0x3, 0x6, 0x4, 0xc7e}, 0x20)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r3, 0x80811501, &(0x7f0000000100)={0x80})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_FREEZE(r4, 0x400c620e, &(0x7f0000000100)={0x0, 0x1, 0x800})
write$UHID_INPUT(r3, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000000, 0x10012, r3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40401, 0x0)
r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r6 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}}], {0x14, 0x3eb}}, 0x3c}, 0x1, 0x0, 0x0, 0x240208d1}, 0x40000)
r7 = openat$cgroup_ro(r3, &(0x7f00000001c0)='blkio.bfq.time_recursive\x00', 0x0, 0x0)
close_range(r5, r7, 0x2)
mprotect(&(0x7f00002cd000/0x2000)=nil, 0x2000, 0x5)
write(r2, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

26.489945768s ago: executing program 5 (id=12630):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x6000)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_any}, {@access_uid}, {@afid={'afid', 0x3d, 0x9}}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
ioctl$TIOCSERGETLSR(r4, 0x5459, &(0x7f0000000280))
r5 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r5, r3, 0x0, 0xffffffff)

26.287903672s ago: executing program 5 (id=12634):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
close_range(r0, 0xffffffffffffffff, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000000)=[{}, {}, {}], 0x3, 0x6, &(0x7f0000000040)={[0x3ff]}, 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}, 0x8001)
ioctl$SIOCSIFHWADDR(r1, 0x8905, &(0x7f0000000340)={'pim6reg0\x00', @remote})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@volatile}]})
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000003480)={0x2020}, 0x2020)

26.171464884s ago: executing program 5 (id=12637):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x380, 0x2})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
openat(0xffffffffffffff9c, 0x0, 0x20842, 0x22)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x0, 0x1})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f00000001c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000240)="0979e127b8b3891be8dd397c67fc82251cecd27196a59beb85cb7450266767e735d2f6932155ed86f508fe87dbb49fc69db4458cbb2113dbf9f32c7a53eed2206e041bb9eee97a5798b41527404ddeff"})

26.151851655s ago: executing program 5 (id=12639):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0xf8}}, 0x20000000)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x0, 0x0, 0xfffffffc}, 0x10)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x12, r2, 0x80000000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mprotect(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x4)
write(r1, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

25.972856728s ago: executing program 5 (id=12641):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000580)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x68, 0x0, &(0x7f0000000400)=[@clear_death, @transaction={0x40406300, {0x82, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @increfs_done={0x40106308, 0x3}], 0x0, 0x0, 0x0})

25.846928411s ago: executing program 41 (id=12641):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000580)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x68, 0x0, &(0x7f0000000400)=[@clear_death, @transaction={0x40406300, {0x82, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @increfs_done={0x40106308, 0x3}], 0x0, 0x0, 0x0})

25.803344911s ago: executing program 1 (id=12644):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_PMU_CAPABILITY(r1, 0x4068aea3, &(0x7f0000000040)={0xcc, 0x0, 0x80000000000eaff})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x51, 0x0, &(0x7f0000000300)="de547e22badef7fe47218ac45e0cfab956549e362216b22c7fa1086cc46642478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf20000000000000000"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000500)=[@register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000740)="8883f5f7cbff9a34b3f74f293f723b276cf06db9629e224672eb6f1cfcc713e6e2bf82da4da3f1872e006c7f8aab8148a0e021b5cf4e90a761ba22fd7fca4f6c2d70eccab599fa4576db19479f79799d"})

25.802148951s ago: executing program 1 (id=12645):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000006000/0x4000)=nil)
socket(0x10, 0x3, 0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000000)='net/rt6_stats\x00')
read$FUSE(r2, &(0x7f0000004180)={0x2020}, 0x2020)
rt_tgsigqueueinfo(0x0, 0x0, 0x17, &(0x7f0000000600)={0x26, 0x7, 0x80000000})
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfdf, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x16}, @fda={0x66646185, 0x4, 0x0, 0x2}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x48}}, 0x400}], 0x0, 0x0, 0x0})

25.37757046s ago: executing program 1 (id=12650):
getpriority(0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mount_setattr(0xffffffffffffffff, 0x0, 0x1100, &(0x7f00000000c0)={0x100008, 0x0, 0x80000}, 0x20)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f00000000c0)="70d07134252032b13c6f6f6f7aaa12b1c0578b26dfe3b2b741205d28752ac5acbb5a5b0d2b225871a4b865d995f95d6aa99c4901dbf986b562794f45f28d37773ab5417f62829ea8edc11615cb9fab16"})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x40101, 0x0)
fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000040), &(0x7f0000000200), 0x2, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=ANY=[@ANYBLOB="38010000100001000000000000000000fc000000000000000000000000000001fe8000000000000000000000000000bb000000004e2200020000000006000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc000000000000000000000000000000000000006c000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000004000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c32303c1207f178700000000"], 0x138}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000380)=[@decrefs={0x40046307, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

25.332968341s ago: executing program 1 (id=12651):
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x3c0, 0x108, 0x1f0, 0x0, 0x108, 0x2d8, 0x108, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0xa00}}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x447)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (rerun: 64)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="2d01"], 0xc) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
readlinkat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) (async)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000540), 0x3c) (async)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f00000001c0)=0x1, 0x4) (async)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x151)
ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f0000000080)={0x8}) (async, rerun: 64)
mkdirat(r6, &(0x7f0000000580)='./file0\x00', 0x20) (async, rerun: 64)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000007, 0x1000000000, 0x5, 0x41, 0x1, 0xd0, 0x2004cb, 0xffffffffffffffff, 0xa1d, 0x68ff, 0x5, 0xffffffffffffffff, 0x3, 0x2], 0x10000, 0x202})
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt(r7, 0xff, 0x1, 0x0, &(0x7f0000000040)) (async)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x80a0000, 0xc, 0x0, 0x2, 0x0, 0x4, 0x0, 0x7, 0xff}, {0xeeee0000, 0xdddd0000, 0xc, 0xfe, 0x7, 0xc4, 0x0, 0x1, 0x48, 0x3, 0x0, 0xfd}, {0x1, 0x0, 0x9, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x6, 0x4}, {0x6000, 0xeeee8000, 0xa, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c, 0x4}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x5, 0x2, 0x0, 0x0, 0xff, 0x5}, {0x1bbba0004, 0xeeee8000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20}, {0x100000, 0xffff1000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x3}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x302081, 0x0, 0xf801, 0x6000, [0x10001, 0x0, 0x1, 0xfffffffffffffffe]}) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)={[{}]})

25.223206223s ago: executing program 1 (id=12652):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
keyctl$get_keyring_id(0x0, 0x0, 0x4) (async)
keyctl$get_keyring_id(0x0, 0x0, 0x4)
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setfsuid(0xee01) (async)
setfsuid(0xee01)
setfsuid(0xee01) (async)
setfsuid(0xee01)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000640)=0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x0, 0x2, 0x2, 0x4}, 0x20)
r1 = socket$tipc(0x1e, 0x2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
socket$tipc(0x1e, 0x5, 0x0) (async)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x2, {0x2, 0x2, 0x4}}, 0x10) (async)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x2, {0x2, 0x2, 0x4}}, 0x10)
r3 = socket$inet6(0xa, 0x3, 0xfb)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x4}, 0x38)
sendmsg$inet6(r3, &(0x7f00000002c0)={&(0x7f00000000c0)={0xa, 0x0, 0x9, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x9}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000200)}, {&(0x7f0000000240)="719f722fa00787b037dca8e9", 0xc}], 0x2}, 0x4b00)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}, 0x2}}, 0x10)
bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
openat$kvm(0x0, &(0x7f0000000080), 0x80002, 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x80002, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x2000}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x2000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000040)={0xeeee0000}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000040)={0xeeee0000})
setsockopt$inet6_udp_int(r0, 0x88, 0x1, &(0x7f0000000080), 0x4)
close(0x3)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) (async)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000200))
keyctl$clear(0x7, r7)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$negate(0xd, r7, 0x2, r8) (async)
keyctl$negate(0xd, r7, 0x2, r8)

25.081129435s ago: executing program 1 (id=12656):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="66646717d64447daddb8384b1a1f90960e3419d09a9ec210945d8ea99e24ab16af1527a7fae6728b15638317b91d3282cd84aef9be83ffba6a3a64cdba44e948c37f0deccd37a5e70b381b4fb92c3cce884fdd6c54f5b0f07d6378b34c12c17d10f5db7a3c19d22caa69a515c1c5fcbc20357262203d334b448e39dbf1d3daa9d2500288b67b7ccbc2691db29abe3c450c24410575a394331f607d36aedef283cc543c3953414fa9aca93e402baafd569f387e29", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, &(0x7f0000002ac0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000002c0)={0x50, 0xffffffffffffffda, r1, {0x7, 0x29, 0x0, 0x50b08869, 0x0, 0x10, 0x40, 0x40, 0x0, 0x0, 0x2f, 0xad}}, 0x50)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/custom1\x00', 0x800, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0xffffffff, {{0x2, 0xfffc, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x17, &(0x7f0000000040)=0x100000001, 0x4)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2}, 0x19)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x62, 0x2, 0x16}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/201, 0xc9, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})

25.035347096s ago: executing program 42 (id=12656):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="66646717d64447daddb8384b1a1f90960e3419d09a9ec210945d8ea99e24ab16af1527a7fae6728b15638317b91d3282cd84aef9be83ffba6a3a64cdba44e948c37f0deccd37a5e70b381b4fb92c3cce884fdd6c54f5b0f07d6378b34c12c17d10f5db7a3c19d22caa69a515c1c5fcbc20357262203d334b448e39dbf1d3daa9d2500288b67b7ccbc2691db29abe3c450c24410575a394331f607d36aedef283cc543c3953414fa9aca93e402baafd569f387e29", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, &(0x7f0000002ac0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000002c0)={0x50, 0xffffffffffffffda, r1, {0x7, 0x29, 0x0, 0x50b08869, 0x0, 0x10, 0x40, 0x40, 0x0, 0x0, 0x2f, 0xad}}, 0x50)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/custom1\x00', 0x800, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0xffffffff, {{0x2, 0xfffc, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x17, &(0x7f0000000040)=0x100000001, 0x4)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2}, 0x19)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x62, 0x2, 0x16}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/201, 0xc9, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})

2.358434315s ago: executing program 4 (id=13071):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000000)=0xfffffffc, 0x4)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0xa, 0x0, &(0x7f00000001c0)=[@free_buffer], 0x0, 0x0, 0x0})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x27)
read$eventfd(r2, &(0x7f0000000080), 0x8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x7b8278d11ab1b4e)
socket(0x2c, 0x3, 0xbe76)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f00000004c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r5 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
mknodat$loop(r5, &(0x7f00000002c0)='./file1\x00', 0x4, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r5, &(0x7f0000000100)='./file1\x00', r5, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000140)={0xd001, 0x100000, 0x2, 0x6, 0xff})
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x420200, 0x0)
setsockopt$inet_int(r6, 0x0, 0xb, &(0x7f0000000080)=0x9, 0x4)

2.235537487s ago: executing program 4 (id=13074):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x5, 0x4) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xdb9, 0x0, 0x0, 0x4}, 0x0) (async)
ptrace$cont(0x18, 0x0, 0x2000000000001, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0) (async)
ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000140)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) (async)
sendfile(r0, r0, 0x0, 0x7ffff000)

1.526219101s ago: executing program 2 (id=13094):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
syz_clone3(&(0x7f00000000c0)={0x142000000, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_clone3(0x0, 0xa272d8de)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x1})
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_X86_SET_MSR_FILTER(r4, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x3, 0x0, 0x106, 0x0}, {0x2, 0x0, 0x2, 0x0}, {0x0, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x912b, 0x0}, {0x2, 0x0, 0x3cb3, 0x0}, {0x0, 0x0, 0x3fe, 0x0}, {0x0, 0x0, 0x2, 0x0}, {0x3, 0x0, 0xfffffffe, 0x0}, {0x1, 0x0, 0xb, 0x0}, {0x3, 0x0, 0x3, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x60cf6ba5a5e3603a, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x7ffffffb, 0x0}, {0x1, 0xffffffffffffffd4, 0x5, 0x0}, {0x1, 0x0, 0x8001, 0x0}]})
close_range(r0, 0xffffffffffffffff, 0x0)

1.452782493s ago: executing program 2 (id=13096):
openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0) (async)
r0 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0)
fcntl$notify(r0, 0x402, 0x80000040) (async)
fcntl$notify(r0, 0x402, 0x80000040)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000000040)=""/108)
ioctl$VT_DISALLOCATE(r1, 0x5608)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a)
ioctl$KVM_SET_TSC_KHZ_vm(r2, 0xaea2, 0x3662) (async)
ioctl$KVM_SET_TSC_KHZ_vm(r2, 0xaea2, 0x3662)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r1, 0x9362, 0x0)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '/dev/userfaultfd\x00'}], 0xa, "b5f7032658ce83477843a8b889b52d5f49bbacc27b47e11f2d446e2f295cc9ba622f356de649debd55cb0b7d57fc2d1b9a6fd905c474e7e556481c4ee2edb3c7391011311f4292f38e"}, 0x66) (async)
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '/dev/userfaultfd\x00'}], 0xa, "b5f7032658ce83477843a8b889b52d5f49bbacc27b47e11f2d446e2f295cc9ba622f356de649debd55cb0b7d57fc2d1b9a6fd905c474e7e556481c4ee2edb3c7391011311f4292f38e"}, 0x66)
fdatasync(r2) (async)
fdatasync(r2)
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000140)={0x3, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000180)={0x2, 0x0, 0x4, 0x2000, &(0x7f0000ffe000/0x2000)=nil, 0x47fe, r4})
ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000240)={0x0, 0x80, [0x8, 0x18e, 0x3fdd, 0x6, 0x3, 0x7fff]})
ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000280)={0x1, 0x275}) (async)
ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000280)={0x1, 0x275})
ioctl$FIBMAP(r4, 0x1, &(0x7f00000002c0)=0x8)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000300)={0x28, 0x0, 0x2710, @local}, 0x10, 0x81000) (async)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000300)={0x28, 0x0, 0x2710, @local}, 0x10, 0x81000)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, &(0x7f0000000340)={0x77359400}, 0x10)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_TABLE(r6, 0x29, 0xcf, &(0x7f0000000380)=0x1, 0x4) (async)
setsockopt$MRT6_TABLE(r6, 0x29, 0xcf, &(0x7f0000000380)=0x1, 0x4)
openat$selinux_status(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f0000000400))
ioctl$sock_inet_tcp_SIOCOUTQ(r7, 0x5411, &(0x7f0000000440))
ioctl$HIDIOCSREPORT(r7, 0x400c4808, &(0x7f0000000480)={0x1, 0x2, 0x3})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f00000005c0)={'erspan0\x00', &(0x7f0000000500)={'syztnl2\x00', <r8=>0x0, 0x20, 0x8, 0x6, 0x7fffffff, {{0x26, 0x4, 0x3, 0x7, 0x98, 0x68, 0x0, 0x40, 0x2f, 0x0, @multicast1, @empty, {[@cipso={0x86, 0x5a, 0x3, [{0x0, 0xb, "9175e6cc0eecb59157"}, {0x2, 0x10, "06416a75bc28aca38bd7c6ad6328"}, {0x7, 0x6, "52d61cc4"}, {0x0, 0x3, "a7"}, {0x7, 0x12, "be775da8bfff739e0651f805c104f665"}, {0x5, 0xa, "f006b755fb9b35f2"}, {0x1, 0x2}, {0x6, 0x9, "59482e2675a5c5"}, {0x7, 0x9, "a8272edcc59ceb"}]}, @lsrr={0x83, 0xf, 0x44, [@broadcast, @dev={0xac, 0x14, 0x14, 0x27}, @multicast1]}, @ssrr={0x89, 0xf, 0xbb, [@local, @broadcast, @private=0xa010100]}, @lsrr={0x83, 0x7, 0xac, [@multicast2]}, @ra={0x94, 0x4}]}}}}})
sendmsg$nl_route_sched_retired(r7, &(0x7f0000000b40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000600)=@newtclass={0x4c8, 0x28, 0x800, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xfff3}, {0xffe0, 0xffe0}}, [@c_cbq={{0x8}, {0x420, 0x2, [@TCA_CBQ_RTAB={0x404, 0x6, [0xef43, 0x23, 0x3, 0x2, 0x0, 0x1, 0x9, 0x80000000, 0x10001, 0x9, 0x5, 0x2, 0x2, 0x81, 0x1, 0x1, 0x7ff, 0x4, 0x100000, 0x2, 0x44, 0x39c15d92, 0x100, 0xffff0001, 0x0, 0xffff, 0x7, 0x5, 0x7fff, 0x6, 0xfffffff9, 0x5, 0xe, 0x1, 0x5, 0x6, 0x7, 0x7f, 0x9, 0xb0, 0x6, 0x3, 0x0, 0x4, 0x4, 0xfffff801, 0x0, 0x4, 0xffffffff, 0x10001, 0x9, 0xbab4, 0x4, 0x7, 0x80, 0x6, 0x200, 0x4, 0xfffffff9, 0x7, 0xa7f3, 0x3, 0x8, 0x5, 0xc76, 0x10001, 0x7, 0x8, 0x1, 0x78a, 0xffff, 0x7, 0x4e9a, 0x0, 0x3, 0x4, 0x9, 0x10001, 0x43, 0x5, 0x9, 0x5, 0x6, 0x5, 0x6, 0x5, 0x5, 0x2, 0x0, 0x5, 0x7, 0x2, 0x8000, 0x2, 0x5, 0x2, 0x3, 0x7, 0x7fffffff, 0x1, 0x0, 0x6, 0x4, 0x7ff, 0xff, 0x401, 0x1, 0x8, 0x24, 0x1, 0x7, 0x0, 0x0, 0x10000, 0x4, 0xd, 0x80000001, 0x6f80, 0x9, 0x8, 0x0, 0x87, 0x7fff, 0x3, 0x0, 0x8, 0x6, 0x88a5, 0x0, 0xfff, 0xb687, 0x4, 0x1, 0x0, 0x200, 0x7, 0xcc0, 0x84c2, 0xffffffff, 0x5, 0x9, 0x7ff, 0x8001, 0x0, 0xef, 0x2, 0x2, 0x7fff, 0xdeef, 0x1, 0x0, 0x6, 0x2, 0x95, 0x7ff, 0x8, 0x0, 0x2, 0x4, 0x2, 0x1, 0xfffffff8, 0x80, 0x1, 0x7f, 0x1, 0x3, 0x7fffffff, 0x4, 0x6, 0x8, 0x2, 0x4, 0x6, 0x2, 0x1, 0xff, 0x9, 0x7ff, 0xfe4, 0x200, 0x7ff, 0x73, 0x8, 0x8, 0x6, 0x0, 0x1, 0x7fffffff, 0x0, 0xe65f, 0x9, 0x3, 0x9, 0x40, 0xfffffffc, 0x7, 0x6ada, 0x4, 0xbb53, 0x8a9, 0x0, 0x6, 0x400, 0xffffffff, 0x1, 0x3e, 0x9, 0x2, 0x7, 0x4fc1, 0x0, 0xfffffff9, 0x7, 0x2, 0x81, 0x3, 0x9, 0xffff8001, 0x3, 0x1, 0x8001, 0xfffffeff, 0xfff, 0x3, 0xeb4c, 0x733, 0x2, 0x3, 0x9, 0xfff, 0x7, 0x7, 0x6, 0x5, 0x6, 0x5, 0x8, 0x1, 0x0, 0x81, 0x5, 0x1, 0x5, 0x10, 0x1ff, 0x3, 0x6, 0x4, 0x9, 0x2, 0x40, 0xce, 0x6, 0x78e, 0xb]}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x1c, 0x3, 0xf, 0xed, 0x9, 0x9fb5, 0xffffffff, 0x9}}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x9}}}, @c_atm={{0x8}, {0x4}}, @c_atm={{0x8}, {0x38, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0x5, 0xc}}, @TCA_ATM_HDR={0x21, 0x3, "19050539c793500783116db352e1f1087625ea0f015ddf53bb9cb6e50b"}, @TCA_ATM_FD={0x8, 0x1, r5}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x2}}}]}, 0x4c8}, 0x1, 0x0, 0x0, 0x10}, 0x4080)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), r7)
sendmsg$NL80211_CMD_GET_MPP(r7, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, r9, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x8040)

1.388019914s ago: executing program 2 (id=13098):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x90, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x4}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000002740)=""/243, 0xf3, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0xffffffff7fffffff, 0xfffffffffffffffe, 0x10}, @ptr={0x70742a85, 0x1, &(0x7f0000000580)=""/173, 0xad, 0x0, 0x14}, @flat=@binder={0x73622a85, 0x110a, 0x1}}, &(0x7f0000000000)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0})
r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000040))
ioctl$NS_GET_USERNS(r1, 0xb701, 0x0)

1.387864074s ago: executing program 4 (id=13099):
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom0\x00')

1.339280275s ago: executing program 4 (id=13101):
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x210400, 0x0)
r1 = dup(r0)
r2 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
write$binfmt_format(r2, &(0x7f0000000080)='0\x00', 0x2)
mprotect(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000005)
r3 = socket$netlink(0x10, 0x3, 0xe)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r3, 0x6628)
read$FUSE(r0, &(0x7f00000000c0)={0x2020, 0x0, 0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
ioctl$USBDEVFS_CLAIMINTERFACE(r0, 0x8004550f, &(0x7f0000002100)=0x7fffffff)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000002180), r0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000002240)={&(0x7f0000002140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002200)={&(0x7f00000021c0)={0x3c, r6, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xd9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x8000)
r7 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000002280), 0x80000, 0x0)
clock_gettime(0x0, &(0x7f0000002300)={<r8=>0x0, <r9=>0x0})
ppoll(&(0x7f00000022c0)=[{r3, 0x4024}, {r3, 0x1400}, {r7, 0x202}], 0x3, &(0x7f0000002340)={r8, r9+10000000}, &(0x7f0000002380)={[0xc]}, 0x8)
r10 = openat$cgroup_ro(r1, &(0x7f00000023c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
r11 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$GIO_FONT(r11, 0x4b60, &(0x7f0000002400)=""/211)
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000002500)={@dev, @rand_addr, <r12=>0x0}, &(0x7f0000002540)=0xc)
setsockopt$MRT6_ADD_MIF(r10, 0x29, 0xca, &(0x7f0000002580)={0xffffffffffffffff, 0x1, 0x2, r12, 0x3}, 0xc)
r13 = openat$null(0xffffffffffffff9c, &(0x7f00000025c0), 0x424400, 0x0)
ioctl$UFFDIO_CONTINUE(r13, 0xc020aa07, &(0x7f0000002600)={{&(0x7f0000000000/0xf000)=nil, 0xf000}, 0x1})
connect$inet6(r0, &(0x7f0000002640)={0xa, 0x4e21, 0x94, @loopback, 0x826}, 0x1c)
r14 = openat$uinput(0xffffffffffffff9c, &(0x7f0000002680), 0x802, 0x0)
fchmod(r14, 0x20)
ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f00000026c0))
socket$nl_xfrm(0x10, 0x3, 0x6)
r15 = accept(r3, &(0x7f0000002740)=@generic, &(0x7f00000027c0)=0x80)
ioctl$sock_SIOCOUTQNSD(r15, 0x894b, &(0x7f0000002800))
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r15, &(0x7f0000002940)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000002900)={&(0x7f0000002880)={0x78, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000)
write$FUSE_ENTRY(r0, &(0x7f00000049c0)={0x90, 0x0, 0x0, {0x1, 0x2, 0x0, 0x7fffffffffffffff, 0x101, 0x19d, {0x5, 0x5, 0x6, 0x7, 0x8, 0x2, 0x7, 0x6, 0x8000, 0x1000, 0xaf, r4, r5, 0x2, 0xe66}}}, 0x90)

1.338765694s ago: executing program 2 (id=13102):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x1002, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x1002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{}, {0x77359400}}, &(0x7f0000000200)) (async)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{}, {0x77359400}}, &(0x7f0000000200))
syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000000)=ANY=[@ANYBLOB="12015001000000106b1d010140000102030109029a00030100e0000904000000010100000a24010000000201020c240200000000000e0000000524050000082404030f8bf8ae0c240701050000c80975f9070d24070101000005cf1f000005092403000000000100090401000001020000090401010101020000090501090000010000072501000100000904020000010200000904", @ANYRES16=r1], 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="060028bd7000010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000600000067000000"], 0x28}, 0x1, 0x0, 0x0, 0x400c080}, 0x4040860)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000140)={0x21, 0x5, 0x9})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0)
eventfd2(0x10ffd, 0x80000) (async)
r7 = eventfd2(0x10ffd, 0x80000)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
close_range(r0, 0xffffffffffffffff, 0x0)

1.128895859s ago: executing program 7 (id=13107):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x5, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xdb9, 0x0, 0x0, 0x4}, 0x0)
ptrace$cont(0x18, 0x0, 0x2000000000001, 0x0)
ioprio_set$pid(0x7, 0x0, 0x4000)
sendfile(r0, r0, 0x0, 0x7ffff000)

1.128562959s ago: executing program 7 (id=13108):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) (async)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{&(0x7f0000000380)={0x2, 0x4e01, @loopback}, 0x10, 0x0}}], 0x1, 0x46000) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0xc002, 0xc)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x8d, 0x24, 0x83, 0x20, 0x55aa, 0xa103, 0x1d40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0xbd, 0x40, 0xf, [{{0x9, 0x4, 0xd2, 0x8, 0x0, 0xc8, 0x28, 0xb8, 0x3}}]}}]}}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0}) (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x40086602, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[], 0x58) (async)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000000)={@empty, @multicast1}, 0xc) (async)
close(r0)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20b00, 0x0)
preadv2(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/129, 0x81}, {0x0}], 0x2, 0xffffffff, 0x8, 0xd)

848.575094ms ago: executing program 2 (id=13110):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f000001ab40)={'ip6_vti0\x00', &(0x7f000001aac0)={'ip6_vti0\x00', 0x0, 0x29, 0x5, 0x36, 0xffffffff, 0x10, @empty, @loopback, 0x1, 0x40, 0x65, 0xaa}})
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x419, 0x600, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xff}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x40, 0x4, 0x12, {0x12, 0xa, "b3de537a4aaadf08b7784abc79f17221"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
pipe2$watch_queue(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
read$watch_queue(r3, &(0x7f0000000280)=""/235, 0xeb)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x32, r2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@fda={0x66646185, 0x3, 0x2, 0x3f}, @flat=@weak_handle={0x77682a85, 0x1000}, @fda={0x66646185, 0x1, 0x0, 0x15}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x1000}], 0x0, 0x0, 0x0})

759.376816ms ago: executing program 9 (id=13111):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x200b, 0x1})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe64, 0x1ff, @empty, 0x2}, 0x1c)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x202}, 0x1c)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r4)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="116566a83f75b5f0200c883f05e962b847c2c20d895e28c4af5a97faaf97d2a9797830a6b6e66013f44bcef71162061931546e23619ae7579f378584f6e6abafa3a95492e388230fd8b8b816ef801f2a8555ca8f0d18be68c81483ccf3a8ded83511ba1c2b3ba8d3594dddd8ad281d6eaaa22397c9b31629e93da450b9", @ANYRES16=r5, @ANYBLOB="010000000000000000000300000004000180"], 0x18}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_int(r6, 0x1, 0x30, 0x0, &(0x7f0000000680))
clock_gettime(0x5, &(0x7f00000001c0))
r7 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
syz_clone3(&(0x7f0000000340)={0x200000000, 0x0, 0x0, 0x0, {0x3a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r8}}, 0x58)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
fadvise64(r9, 0x0, 0x9, 0x4)
ioctl$PTP_PEROUT_REQUEST2(r8, 0x40383d0c, &(0x7f00000000c0)={{0x200, 0x9}, {0x6, 0x9}, 0x9})
umount2(&(0x7f0000000040)='./file0\x00', 0x6)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x4, 0x2, 0x32}, @flat=@weak_binder={0x77622a85, 0xa, 0x3}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x1000}], 0x0, 0x0, 0x0})

756.658586ms ago: executing program 9 (id=13112):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = add_key$fscrypt_v1(&(0x7f0000001000), &(0x7f0000001040)={'fscrypt:', @desc1}, &(0x7f0000001080)={0x0, "ddbccf095457dfd2f87457a4e8f6bffca5bf7c026c9125596e954a3c489562061333e72e2946890c19c3edc50daa560000000000000000db6b18d700", 0x1d}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x13220c28)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x0, 'wlan1\x00', {0x1}}) (async)
syz_open_dev$hidraw(&(0x7f0000000000), 0x7, 0x4000) (async)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) (async)
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) (async)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) (async)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0xc], 0x80a0000, 0x2010d3}) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4) (async)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x20}}, 0x40000)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "ed27fbb5d5ba69000e6769b69dc51dc5c32930bc5b6886786c9c975fe54da42154c59a884c54b5ff1e0501c423c33cd3314f79fd035e590fec690ad23ecae1dc", 0x33}, 0x48, 0xfffffffffffffffe)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$TCSETSW(r5, 0x5403, &(0x7f0000000040)={0x466, 0x66, 0x800, 0x0, 0x16, "1ccb080b34ab1d0d1408e8ae3887378dcb9f48"})
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000001c0)={'ip6gre0\x00', 0x0})
r7 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r7) (async)
r8 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io(r8, 0x0, 0x0) (async)
syz_usb_ep_write$ath9k_ep1(r8, 0x82, 0x4, &(0x7f0000000040)=ANY=[])

755.535346ms ago: executing program 9 (id=13113):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x141342, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000003000200000200000089000000188f590574a5e4c555d75073468f2b33d9426a9f1a6d8a859e58a15c93a6b14f363d4cb1aeac29c976efb9dac7839b563076f685109bbef85f9019f85aa76f6a18886ce7817589683b66bd3e0ddc8969e37f86ea2b8cd8ecf8f9dece6e90d711ec4f", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000008400050000000000000000000000000000000000000000003200000000000000ac14140c000000000000000000000000000000000000ff000000000000000000fdffffff20010000000000000000000000000001000000803c00000003000000fe88000000000000000000000000fd0100000000040200"/244], 0x13c}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ppoll(&(0x7f0000000340)=[{r0, 0xa4b5}], 0x1, &(0x7f0000000380), 0x0, 0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r2, 0xc0109414, &(0x7f0000000a00)={0xe14, 0x0, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000940)={'sit0\x00', {0x2, 0x4e24, @multicast1}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffff8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
syz_usb_connect(0x0, 0x24, &(0x7f0000000880)=ANY=[@ANYBLOB="1201000009003610ef171e7206de010203010902120001000000000904"], 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="000457"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = open$dir(&(0x7f0000000500)='./file0\x00', 0x240c80, 0x38)
mknodat(r3, &(0x7f0000000280)='./file0\x00', 0x11, 0x10000)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
getresuid(&(0x7f00000002c0), &(0x7f0000000140), &(0x7f00000001c0)=<r4=>0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r6, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r6, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r9, 0x4140aecd, &(0x7f0000000140)={{0x11100000, 0xffff1000, 0xf000, 0x9, 0x7f, 0xe3, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0x8080000, 0xd000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x0, 0x5, 0x5, 0x4, 0x92, 0x9}, {0x10000, 0xeeef0000, 0x1b, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfa, 0x29, 0x9, 0x9}, {0xeeee8000, 0x0, 0xd, 0x9, 0x5, 0x2, 0x7, 0xf1, 0x2, 0x6e, 0x0, 0x8}, {0x4000, 0x1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x4, 0x1, 0xe, 0x6, 0xa}, {0x0, 0x1000, 0xc, 0x0, 0xcd, 0x5, 0x8, 0x25, 0xa, 0x6, 0xff, 0x6}, {0x1, 0xeeef0000, 0xd, 0xe, 0x13, 0x3e, 0x3, 0x0, 0x7f, 0x5, 0x0, 0x8}, {0x2000, 0x405}, {0x80a0000, 0xff7d}, 0x0, 0x0, 0x6000, 0x61, 0x5, 0xa800, 0x800f900, 0x0, [0x6, 0x2, 0x3, 0x1]})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
bind$inet6(r6, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000980)=ANY=[@ANYRES16=0x0, @ANYRESHEX=r5, @ANYRES64=r4])

627.948348ms ago: executing program 7 (id=13114):
unshare(0x60000600)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x87, 0x8, 0x4000006, 0x8, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x66, 0x0, 0x83, 0x4, 0x0, @multicast1, @private=0xa010102}}}})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r2, 0x4008af14, &(0x7f0000000040)={0x2, 0x8})
ioctl$VHOST_VDPA_GET_STATUS(r2, 0x8001af71, &(0x7f0000000000))
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000100)={0x800000000000158})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffdffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2e8})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@dead_binder_done], 0x6, 0x0, 0x0})

534.70809ms ago: executing program 7 (id=13115):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000008c0)={0x18, 0x1, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_EXPECT_MASTER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4048081}, 0x4000084)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) (async)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c) (async)
sendmmsg$inet6(r2, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)="82ef", 0x2}], 0x1}}], 0x1, 0x4400c800) (async)
write(r2, &(0x7f0000000440)="7d79b2fe1671370dfed8eeb59eea8b6a261804d87b03", 0x16)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socketpair(0x28, 0x0, 0x0, &(0x7f0000000140)) (async)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448c9, 0x0)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

487.430901ms ago: executing program 4 (id=13116):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x80000)
ioctl$MON_IOCH_MFLUSH(r3, 0x9208, 0x8)
ioctl$KVM_X86_SET_MSR_FILTER(r2, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x2, 0x8, 0x106, &(0x7f0000000540)="d7"}, {0x3, 0x8, 0x2, &(0x7f0000000080)=':'}, {0x2, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x912b, 0x0}, {0x2, 0x0, 0x3cb3, 0x0}, {0x3, 0x0, 0x3fe, 0x0}, {0x0, 0x0, 0x2, 0x0}, {0x3, 0x0, 0xfffffffe, 0x0}, {0x1, 0x0, 0xb, 0x0}, {0x1, 0x0, 0x3, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x60cf6ba5a5e3603a, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x7ffffffb, 0x0}, {0x1, 0x0, 0x5, 0x0}, {0x1, 0x0, 0x8001, 0x0}]})
pipe2$9p(&(0x7f0000000640)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4000)
write$P9_RLCREATE(r4, &(0x7f0000000680)={0x18, 0xf, 0x1, {{0x2, 0x0, 0x2}, 0x6}}, 0x18)
write$P9_RCLUNK(r4, &(0x7f0000000bc0)={0x7, 0x79, 0x1}, 0x7)
close_range(r0, 0xffffffffffffffff, 0x0)

467.135462ms ago: executing program 4 (id=13117):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
syz_usb_connect(0x3, 0x4f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201010213df6220f30c7a8119eb010203010902"], &(0x7f0000000100)={0x0, 0x0, 0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="050f020010030000000610400a14070000000000"]}) (async)
syz_usb_connect(0x3, 0x4f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201010213df6220f30c7a8119eb010203010902"], &(0x7f0000000100)={0x0, 0x0, 0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="050f020010030000000610400a14070000000000"]})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[], 0x18) (async)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[], 0x18)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
syz_open_pts(0xffffffffffffffff, 0x20000)
socket$nl_audit(0x10, 0x3, 0x9) (async)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000240)={0x0, 0x9}, 0x8) (async)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000240)={0x0, 0x9}, 0x8)
fstat(r2, 0x0) (async)
fstat(r2, 0x0)
syz_open_dev$usbfs(0x0, 0x40076, 0x22800)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=<r4=>0xffffffffffffffff, @ANYBLOB="01"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000c80), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000b00), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001e80), r5)
sendmsg$IEEE802154_ADD_IFACE(r5, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYRESDEC=r4], 0x28}}, 0x0) (async)
sendmsg$IEEE802154_ADD_IFACE(r5, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYRESDEC=r4], 0x28}}, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, r6, 0x8, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4094) (async)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, r6, 0x8, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4094)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r3)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r7, 0x303, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x88d0}, 0x8000)
socket$key(0xf, 0x3, 0x2) (async)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000300000000050005000000cc580a"], 0x80}}, 0x24000000)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600)
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x3b9ac9ff, 0x0, 0x0, 0x9, 0x713, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfc})
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r9, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @fda={0x66646185, 0x1, 0x0, 0x38}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x48}}, 0x400}], 0x50, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df"})

336.297414ms ago: executing program 2 (id=13118):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x44, 0x6}, {0x6, 0x1}]})
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x20, r0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24040084}, 0x84)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r5, 0xc008aec1, &(0x7f00000003c0))
write(r2, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

207.336117ms ago: executing program 9 (id=13119):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x0, "000080f100df000000a7d9de16c708db7200"})
syz_open_pts(r0, 0x20000) (async)
syz_open_pts(r0, 0x42) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x2, 0x0, &(0x7f0000000440)) (async)
socket$xdp(0x2c, 0x3, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
ptrace$setregset(0x4205, 0x0, 0x1, &(0x7f0000000000)={&(0x7f0000000100)="023a3b32a8530d0648444f138d9c176b04f0f91de6b9fe513adb984dcb636b3f33825c376f2b590fc63b5760e50b8a147a10ffe643c81b55035cc0ea76f2e4229349ee5dc03a735595b942723fad49b453e90db459982c38", 0x58}) (async)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x400, &(0x7f0000000100)=ANY=[]) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0)
ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(r2, 0xc004ae0a, 0x0) (async)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000000)={'nat\x00', 0x0, 0x0, 0x0, [0x20000000000, 0x80, 0xffffffff, 0x1, 0x7ff, 0x7f]}, &(0x7f0000000080)=0x78)
writev(r3, &(0x7f0000000040), 0x0) (async)
socket$inet6(0xa, 0x3, 0x5) (async)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
dup(r4) (async)
r5 = socket$nl_audit(0x10, 0x3, 0x9) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) (async)
r7 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r7, 0x107, 0xa, 0x0, &(0x7f00000000c0))
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x10) (async)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x167342, 0x0)
readv(r8, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0xfffffcd9}, {0x0, 0x2000}], 0x2) (async)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xe7) (async)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x30, 0x12, 0x0, {0x3, @ether_spec={@local, @remote, 0x1ff}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x0, 0x8000, [0x2, 0x2]}, @udp_ip6_spec={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @mcast1, 0x4e23, 0x4e22, 0x9c}, {0x0, @broadcast, 0x3, 0x0, [0x3, 0x5]}, 0xfffffffffffffffe, 0x1}}})
socket(0x10, 0x3, 0x0)

205.923726ms ago: executing program 9 (id=13120):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, 0x0, 0xffb5)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})

203.759716ms ago: executing program 9 (id=13121):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x801, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7f}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r2, &(0x7f0000000740)="32780f643983", 0x6, 0x20000045, &(0x7f0000000040)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
syz_usb_connect$uac1(0x2, 0xba, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010003000000106b1d01014000010203010902a800030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002000a000a00040c24020203020250800009010f240605020207002e130a004ef1000924030102020505"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0x80, 0x0)
ioctl$TCFLSH(r4, 0x540b, 0x1)
r5 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r5)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000001800)=ANY=[@ANYBLOB="facf662baa12c0b00b785668a360c03254ae110e6e9fedfe8b96b840ab2ecfb967dac3c5873edc499a6d2c0a93f8564d3e84d1db8d69e338409b00abca4c4268228f830505af3bb42c57087762385dd227fb00"/96, @ANYRES16=r6, @ANYBLOB="010025bd7000fedbdf254a0000000f00a8007365636f6e646e616d6500000e00a80066697273746e616d650000000410a8008daaff6816db73675fde23f7f010b9dd6e3fd50199f174e2c298482f2cec289340d0be1189aaceb9fcf4927cd81726e01ed8f79febb21e430ff4c4fc9b8090030fb7a59a4019fda95a5ad67e2f049f4e7279df23a94b9dad81bda000b01d62e315390b2236f021f77ac06f4747a39a4a4336dadfcc3b9da7ed99dc54de8326f7a8d45af8b84c168b724fe33a91d81b1e529f966971f29bad028c50b15a3c4a27f5fdc05552b62e179fba3c188bdd6408755e5fdb29b21850afff4317280ef0a393df5659cb12b3f18129651e08d0efc5e19bdba315be9fc9c4509c7ea2d5af5503d00f3d50a1f26f09f7d22b70cc09a98e5659c76726d0f81c251144bee77312545c2759db9b3b7bd4dc03aeeea8dfa69cb23f180c141fd88f62ebb79575b77a42f0030cf39c8a2993232d3eed5fdca1ab59483f6865cd5bf5d2ccc2c382ad44749f0269908a241f8a237c40de8200720eaf6b287b68fa7ffdc2f773ad5e616c3deb935771830eb8c9f58c4ff30d739b06a6754e9e6c214d0e0200a334d5910d6e33eb10ad231794e0340c9f4abcc34f3d98c02b7830e13e7baa4bd0bfe8e4bc95baecf579d5775b3f2ff72cb3d82f598de008805a08b3fb3c7edc6d246f40d6d2f677b366987369a20cc0c59be645e1fcd745b264545cbffa832cd66373c87fffc94bd93e685719286e4dd2ec00216801a239cfb71c571623b45aa1289ec4d0a8278a740c6005ff363d421fda244e1ceac0bcd389e161c465cc87c267ef85d94a7b1ee186844d0c7ddc8bcf76ce12c6a0ab284369394bfd5c7ce7fd9ef22f8b9662c88ab8302105933eb524e11c1d3ed2789ed723eba22b775183e72693e88e1c0e178203eecf5a5e21bae883673cd0ab13ed2d49e666d1511125b83b1ca1b36cc4b8fef96d251d42a17ed9bb5ab5b0e566d2d6c2cb672688a431a71fdabfd306e233014576da3c9952287bd45f37573575dd95411682f818e030a84a15bb449298033e707cff2ebcabc52310beb9840dacd544ef033f60037e609e48c2deedb657cffdfe7ae0cf0edebebdae7e911b1f9632bccbda1559a67820a80e36271665c2f78b85e533f6d160cde57e8ca6392f0803b32724b0b5ff7a556b2ecac8e2fc411988e53cd2e2eecbea8f9257b46674261f339f264d125c195a2da526241697b0e878e45ca855f42ea858caa89cbee2ef2a30b088293e2ba582730b542e719afad179725f6776077b007190063a84415c26249623c65fbc49d8505d3ae17fc0ae1fe0c9d310f9f47f4f121817be4c0db4042063c6c91bf00e64415b699f2a4fe7d06261e7ebf14a05e50f2a204dce83710aae6940f5d8ff90c5d5d936cb7543c9cd4f1950ce4beea42f23b5bdb0c1eb07e7a2ab91c90e30bc4efaf8a2cb28b7f8bc826706981f950f1eab5b0c111b867783482ee0b95b795aae7da6933a27d60b8bab91423655899da5d3803e8fb5f76e42519339e07075adcef154bf63792fa7bc694b9a8e53c1bf3ff05173acc5b941f37ddc42fccd661aa24e035bd7b42fbfff5e9cf7407680aaec472dc68e25b8d07f9f943b72cc094ed0d0f68f7945e66c643690b688607b6dc55c985a71193157cd5a5ad324cd438f3e686115df8500603dada8e32f443b47194f1f7001812ae8f1891a14d16c76dc7dee0548a354afd63ebc5185cc5c59a533455e78a772a2eebef44e04126342ceec0ba312af6adc9bf30e9c399a53f9b978483c1606768830f616367f21205c135d6a4056711c86a306e00fd1af0bb0af960954ae53b08f89cf7f4ecf2d21c4c6b63d851be017fdb978c9be091d53aea1d583ddddeb6f9db3a1cdc1143b4e35b946efe93c82224efbadb2ce93679d1c3bd0dfaf0e43702605ebab6d8bfa91d1215e87b23061621c893ef2f7bd120bab24d851cc9577f74a617ccb39b251e6eea152fa7d55ddf3e7b05c0584c831442cd6344f5d9dc8a84de9208c5b416b87dad0d8f327613c6d5a4adfb3972db612992e1ed1bf167b53ab2094ddd3f6f58c5d9675be75438798321261d5e5c26ac59b1e344796a2078544d906ef447bc3f702dc193f9a8dea426c74673153b67a1adf43407d11dd97f1c602bf8a316398569dd20ad6831e95c725a811bfe94679169fac267682fea37fd18ac46aa7d8ec9f1a14f1f272f3d8a3985fec30663ac07726a9d6e15ed3e963880867e109b4e11ce37377afb9a9532f386a02bb1e90602af365ddfbad99fe6e2a359d584497a298596b35c9817b36fa68e38753b205ab90a1f0cdb993c44be7d9a0d16dd2b1198b655aa27fe406bc4d03d60d0d0e6f08da849474d3380d0bd5622a02f03e6539a7f1fbc8890ec117f84f09536c26ea942c4619c12a67d326f5ae4dc8bcf693fb1c2d3b7c222d97cbab12ab7e30d4146c763649dda38504694069b1b2f511588e73146bef2bd70fe7edf2a81096a5ccdb3e65c739b2990ba61c993acec2057783bea91eaba292f162975203b0686e60a7d49eb6212947849fbfaf17312cd4bab3eff21d9b2bbe265252550f4615ef733546454d594f6b1a657b9157533b34799d034613b579f30e3ec5fe7c16041ba408dbd65cbcb4c5c01fdb602f80393a3fb0bd3d51d01d521eb685123016ad29f3a35248f0748977d52cc6843862d622df276f56582d53d473db49a151699076f004c72d3add7f5dd0765901a4a4cf224abe3d94ca835d0fbb2f59d00fdcd084a60355e2c2da779751313dfe3ab5c0f7217c664ea5a1745ac935437eed3fc079089ea741068c48b7a48e160c8f76b8e325fa5b1788445bf963f851f0c5b737be439cbb4a48ba4dc8a0b734d712356bd71154b60f3dbb6013d678006679ed66efbc8a1decc8ef6bb90e440db8e6e0835e64ec056a1375976cce1dd2d210ed16ee3e804f0d266531cec5ac962b5bfe8b91b36b37225f8df4dc555cd2eff889a7f1af937c468690c7578a0004c8be074867b3fba5aee03340d25a87458472ef6a7fb356506964c7521bf59d870fd69bbd851693be6639e2e77d5078c4257068c910e3574d192d398c26bed7645209337345580ce83aa5e99728b0ffafc4045fc25f8274b2a371c630f70e295a8e6e672068263e5dc0178b5cf3ce4c9a20858e67c6a3b11d561b5e3538a6b10fe3505a127192940401e385714f74f292ec1a9d8428ebff7fef8b5c7d6804385a7bf3b6f59df8ea8eb712d2c90ee098073e2a7f5b566c3d9bd0d06822343acc274d2e35e4f9ebd9b85968ea1d0284b957b83717b598cbda234f48b6fa9bd60e86838406fe6e7db294bbfc523c41b5b39e3f3bf1a4586cf1d0ff5b1127ff8271f60cbeba8e1f756d3c9af22923b8b9225208782675a90f88995ccf0a7ac4721a375cb59ec32433a2486e059086796e48f29756ec8a31bb5cd90cc0894e02e3cb091c79ab9d42ade79e61cea62c9b6483d6e1690e4e174d34e345f65aaf57488b5fde443d9a02103fb103738f194fae933c8ba51b90140c79864d35a103311f94d0d2835cb147ee120875846e33a913f052614de0d1027659c13edf62e241c6cdf33691e9bfcfe629944a72e96b39985d096957c43a9ba04dcc51918a6a1a3f1d9642f3eb777dd2d28c407144c3eb697d4b158deeaeec98921abee6b1a1c2919ac6e62feffada9326f1ac93a3af5e9327ff4b3abcc5410b39fddd764a1bdcf9e98ab174a7c9b5ac23010ebabc25fd7883d86ffa24aa4baa925a058a5de232fdc7db38e9fc84d99615f2add2677749e244ed4749cc8d02a582b06fd3365e4c2504734e95e27d3e9cf37f3899b465a45eb5ba02a5219d4dd52a2d24f195fdb79b694c94e8b1760212f3e2c378362d0adf8d0fd1cdaebd4e5861a916cbc6aa0fed36a2122663a1a7a8cadfc0301d1e53a9e4ba413a4c6c949f3b2b35af1195f18078425c94c1252a0f5e936728768b92417592f7965348414399cc0510a3e17963f3ec77d0782d60dafd0ee4dded7d3967d93e1cd05bb21a2ff029a89fa77c6a9c79619b6fa06041809c94fd44570015b42387e083b417e6da12157d08110cb496eea2f3013059bd2c99f010b03f58fb750027b530d0fd35f247f3d177dcf05fcaa0d007a4de1e952462ebc2efa86066ec548012509e944fb3b9643b64cd034d5868c8724e483b0bb53a3dadc10f7713ffc343af3f393aea2f6df2db4ac0b4e81554c179bd344012ba12c5204d154eb7daee71c5ba5d5a858aac4fb2cef3fb9f2516eac56f91d3f0f1a1cfaea6513f1957e0cdf9ffb0945c0381d7a0497e1f011eb20034edd88f1a7b3d9cfadcdcacfa755759ab6ae3d9735ef2a38ac1d8ced31ea054d63431555981f59c409529f38f0d9f7e9192618d39da614a4485e01e9dcd38abc17881a3a02d3866ae17d250905aefdaaf7c41a3d69a42db73602699c6e3a85a19c94383fe0f6e5c8867734aa5119f57fab73cccf90bf8eb829a1a5a98190c421ba0a74dd0087f8865153ac85add15b55ef653cbb6283e21d174916af201b23baf014a792776a565f7df142b977457b4032e148a4644b217b3f7dcec70fc8a74b75708eee70d307bac9770be2d6beec4bb9d677feaa414174f7d30484b7eb5275bc13f37f09a7d5a2119453cdde4125e3391fc947973a110a2e5049d641dcb2e62db7cee314f83ba7055af237eb7d9b5a6558a256544a9628e8fda934863c1eb415de0e6ec6641b61cc0eee2ad612e722285f27faeba2b0b68064039e0c6b0b1a4f434083504b9227b61a333c7818879e60ee51642dc596d15bfadc4d1089d4b6e71a26bb2352eaa04e9ebb9da3c75a0f16c1284c697dc746d2c48edad99fe172872e49ca7f71addc86f1853c1715728137753c17dc03127270c92a465d33fb125ff56944c52bc3c652974a71f158993bf631930533a8b236d08ebc8c185164bb53388d2b6e035c2c8f34fd86171243fa488543ee12f0102f28988d088ce3cf5699abbfda34c90d707f8dd96349fffc877f9568feaa9feb8beee1d939445ad85ad7bcc0749b3b14ed2b25d179d27617a6e9c15661e9e425e04310a9838d3785272da969de07709c9b0a4dd926e36d587a69fb8667198b6f3840fbc8e07c34bf3e1b359e2704f89dab1b9455990c193a9b05589900cb7db5a6bfa80a5527a81bd67bf9dff927f79534af16ba739286149b5524a16caa5d8b86bdcb8bfd87b904cd522c26b06bb341c09971fd8fb4c1790a98a001e7608425e62a88db621f91d19a1951af3eeb526df3ffa5c23ff54adef2d67a22c2f8e2e2f9c8cc23b8ac870a25d02e71840c297148ae15291da61dc1002f10081deafcbb75de24de8f16db440e04cd6244660b766182d51e2ad9e839bebbc657226e26e614b9862cf97e6dbaec9c2737e05900ff697d21ab407ecf9b0b3c105134cfccb6546af9ece14279c19d2768afd744f1aeef674f03703279734f0da5a8142f48f5947e0ec2911245d3048e6d6a800eef2d80dca4b99731a217f85de48d25511602cbfb557aa765beff6852d44bae090714caf1a1dff5c2b2f2713f2e402443ce108e32585b40afb13a3a69638367c0b5bf5795abe652106edb2d2c7a1712631c79c224ad0ff9eabfebb85de933622302abdbf06db5537aa73042787ac5cd047233b9fecbe2d2b9ca01c60d0d254625d38321988459d770068610e6f87aeaf1c360440d3cf002ad8780583e78ea779f88c932776350e594896c7b7330d53e57888de73aad2b6b6ed4fa99a4251b1c5e21fd38bc03f82e5207a9a12e3f2c6b991b37dff839bdb3a1e37afe43b93bbf382bf93589587003f39664108000300000000000e00a80066697273746e616d6500000008000300010000000e00a80066697273746e616d650000000f00a8007365636f6e646e616d650000"], 0x1078}, 0x1, 0x0, 0x0, 0x40084}, 0x4000000)
close_range(r0, r2, 0x0)

12.82451ms ago: executing program 7 (id=13122):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = userfaultfd(0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x50, r2, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001200)=""/150, 0x96}], 0x1)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x0, "000080f100df000000a7d9de16c708db7200"})
syz_open_pts(r1, 0x42)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_BULK(r3, 0xc0185502, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 7 (id=13123):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$nl_generic(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000e40)=ANY=[@ANYBLOB="00040000210005022bbd7000fcdbdf24050000000c0004"], 0x400}, 0x1, 0x0, 0x0, 0x1}, 0x24000010)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0x1, 0x7)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', <r4=>0x0, 0x2f, 0x3, 0x1, 0x4, 0x3b, @dev={0xfe, 0x80, '\x00', 0x20}, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x1, 0x7800, 0x6, 0x8001}})
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000140)={@multicast1, @rand_addr=0x64010100, r4}, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73792274656d5f75dd47d0b9"])

0s ago: executing program 7 (id=13124):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 64)
mount$incfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1010040, &(0x7f0000000280)=ANY=[@ANYBLOB="726c6f675f70616765733d313834343637343430352c0000000000030000000000"]) (async, rerun: 64)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0}) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async, rerun: 64)
r4 = socket$inet6_udp(0xa, 0x2, 0x0) (rerun: 64)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000180)={0x9, 'vlan1\x00', {0x1}, 0x9}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async, rerun: 64)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/126, 0x7e, 0x1, 0x26}, @fda={0x66646185, 0x2, 0x0, 0x25}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) (async, rerun: 32)
sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="0100000000000555ae6a68fc104b537688acf38da278a3c0807329ec3bad5167de2357cdcc4acecb1c2c850eefd3c25a53261f53b9dbdcfa84590b8f9ba27073305abd3af4130871fe01cd171298e0a84c75fff6214a27e74f04ba3cd8af189d83208fdcf89ebc9069b8acc6b519f3a76570ff70a98258835f8cc9d953a27308184a01b76801712cb6bf19ecad38e972e7db1207d93290757e0be785a7e351fe001307e03b42", @ANYRES32=<r5=>r0, @ANYRES64=<r6=>0x0, @ANYBLOB="1585990c9c76e180ddb3fb25dc41c864b6cec70a98189e5ffafb29c8fa2b13f7858778ee92db9dacac8995081b0edbd1918e8b7fdeb2c80642c2fe480144d4f16f483b11b68ea57c950481d36357ecdbea5bdca2d9018998b79ce1bf84d66f518dc8a4ee049b893dd94f0367acf321a453f61f1dafb3d32b008e6cdcc270310455907e252fee01cdace062e6f179795184d668cf038a29a11fed482a928e84ca1769eec6b2f39cd80963f600223e3194e3f0c78fbff9a7f59f66372d721991443bcb5877b12795537609a6de41bdcfba6cf43396f2d4ef6cf75f1c6af0a36f4be0cc83789d8b884c8a458b6dd1efc2ead5fe9ee19f02520563dd4b12ddd9e7c7048448984e56c4f4f955c9ee5d8694ba5df941deefe9374bae9860e8f41fd94236c68e9de9cb266cd38f5f50b65d8ab25e858ed92881c50919cccc3931091e08380c55433dde989971c39991ec06316993faa0608aa05f7ec963b2006f847b1b5d6780526aaf7b3db02343c51a5c675d68ebf5752c80c877f69aa90c855936a7168881f0e77ba9ccd1fb295f82bebcccc56e0679f06207c7739b6880fcc4bdc5fa967b814c2a688370052589b6c082ae788255d76ce1247aaaa9b156c1a2184ab3479201e942c7e1c9590e2a5744cbed275d22d6ecc27038bca5fb7462cd91e167147a931870bf38f78c220b2754d2b0a56d23538fcd328ba3188d477b881480c464662184c16c50dfd5980b890b0a8ffca2abd3377462591c308989eb119b0eff76b8ea22c31a379e8c4110d6e632470beca6eb175adede4233ff0fb6b52225e19b42012ddd5b3dc5476f2b782d4e38ccc641e08ade7f867ed25c3c893a0946ee2c073cd66c203c32c4898e4237e831ea2572196a090e7638daec3ef02d53ede4e0da8851ca2d75008ba3c41b612bc735a10860a2af82eb8ecf442ba356af2c14017fbd0795de9dcbf46eccd7e8a0a720d7385482d6c3202051c4aa5f26110f761d705a73f51efec9ad105e49e2466b40d26541b5bc6ec7703536d09b8949217ea58352c4ed901d191e8cedeedc1e15b8d0e47e1d4112de2640b7b599ab1ee9199434d6472ca63cee9a19af86ad1cf7718bf4251a2bb60cb717020a241a4f455a541a5cfbccc8d862c30fcb46bacb0702330dabbf112f1297baf632b3453213138f654476a0a66823cea1d0ff799ff7247f7ce20380e2be1b10594c0460f553bc155f90374fd278dc47c1bac21df567402f0bf7260eb7cfd493ad7dae1b791ff879c25ce49175e105972ba29b7be0b27373ba020916d44641cdc4d4ce396964d48ae5453e3a48f4ae27613031d5bf4227b461095d6614a8017df5dd505304fe0fa129a204fe1374436317df06c7847afb6b939ddb3c6d149873ba96b87f8a5cf4c2c34cbc5e883fc39994b88e58550e8f851f73b4ccb503b9829e88b2aca118ab335130a886c482e44cc96e751b5a976b6f6ba0b76ba650e5a0f0da519ef7d03e038ddd68e10d8065c6415a4ff00877a37d2a061f6c05847e5e387198d89b331c7cc6251c7e4a279fbac51e8685f6d88136e3f411a92c4a81b0151d5813f9645c8ba001a370d1c293b41ce3580eeff1f667e9960599a8efa965d0accb5e2bf5ddf91a2dba4146565c15a38364e162850c9e64dab6c26fb81504a7e258bea1c24eb574e8df6454998db1f83d021c72352a166b6f23bdc1c7c60b64ea6b3a1bae6f2ef138757ea2466c8a0c37143984ee2382ba94ac12744b4e2fa2070d5ab5695bd5f3e46808b16d9f3b37d5f7e347c0fefc2365fc3e4a170f07c4380e3e846a100e422609936980f8274e76705254c2f0e488d4066ca6e4d4a8f62995872bd0b4dccadf96d5696ffef6ff39bd980a38a3a444429ad7a97db69b97dde39811861c26d0eff4af8a1ea30a4b274db6ed530300fae4672e5d7067566f5fc9a56f106cb50c2a20b8e61ae49a5f9bca750b6bef50b0bb2d5a7c88d996be41fea8544a4610c4e462cd710bb2b930176697652d28eaa4d93fe953dd10524757c997f5761572e3db7a5d2b9286b6d5a65bf8b6c541ca987868c22370a9e7fefd9df7702e4b89a7a2bff6369e0e87c6260861a15cde7a2518472d4d76da1a08ba528e597d67e5df9e2522f379e37ad23e83ed0c28dc15d7fdfa3c4ef33b6410060f61471b4be34162a04532f93f7037f60dce80ab1e72189f8d1d3b6afded049ec97550646319878cd219e0ea48eb87fdf11901263c4779a51b03ea02e2b98db7b848f4fefa66f000a023166c174a53253539a7a10b3b9a84bba9b343a14292fed4efcf99875530a36a2cb141bc31c5e57b243cdb80d855c495c709cbbbd475b13ac1464a6e7c2d199c3bdae24e1bf00e31061ff7c87116e4506852ef69eb2ac9ef02ca82aaef10c1588910f397d670ceddbf6f76adf866f584a6a8ac439bd32dba555c1250e2cc3be83984b724c6cb560b8de966963420ac3b67e5e004df34918433567f55f8a8df598d84a98c7d9d6c9cb514661bccc0966195da097e8a5c2bfc24af5ade51fdb7614fd6dca433a2132281977232b6536520620cf904a35ba231297cf0da10ab8e1d3064a8f50a2419d84e6373e61dad339e47652f1aeaf39457a6825cfc302be2adcd70893e1a8f859aff08f3fa1ecced3fea3b2673dc836264baa3b8b04e62a3182429ac6aefb8035028b2bf7e1029370f111086eab35a5a6da6f4f1b74ab7eb99ff3708c2ba0e324944f9e9eeb3bfc8f045b8907de6f9d3a6438d3c1e98600b94da86f5fab5127880dd56ce83a5d377efb6fa784907363a734cd0dc2bba2387ad6ac18d46a2369ea3c6c04c62019dfa9665c25e4de207c9fe5fd82f765b19837aad72989a34f69b29ea617f6afad2e7c9ac6a94fcd4d56603912c2ad8fea73af38c2760bf5331b723b2e9f12576ca657985bf80c4a2303f0b93b0e2fcd959125b56001a81cbca6303d3855a6aff28f2bc6ba73ec3fec577a831cbcb59c5bcd35592c148a9ec29768263ce5f72d32d261ffcc0abee4f219ee6e21b53d73c806d3272e37a97aad29130e566c22ac8edf0c1548f27996f8e8178a18c15d9059cfc51effb597172b04c736ecd303831f0d3ee840219c15071c67a3e43f450dfb45feb07b1d0dbd10b2e0d4ee49977b81d1bb4471d27388cb3e6684f77dd23b3483ea3a1f8b7a90fecb15fb02750b4807eb94eb6367d62bb547060e9102ec9901b3a35704711793df139d01d57a0a08d3f69ebcc9cdc83c5fee69df36c0c6e7abb2a71daa0026b6da3b2267307d9233ff32ce19c386bfb9381eb0d80c53ad3f2b2b39ffe3ce3468ff93cccf4f946171c86957a403704f9b55d4e975a52db5313df8180401433bc606a612dbd97e798195b1d682f9b3fd20618259a32beacb16f8a8f76f5d965df9062441f7d544e0a2ba1a0cf3e6be81ef24d03baacd540d2d5570b2025fd8532be8966cfdc15723387383b43b61e1544650607f2f6cbc96164139ea05f0e403450d50cc683323e131dccf34a262e25ac5f3370e9b00694e7da5c3640def38817f08f040f1a0ff5ed4ceb584fb427e36a0469595853a1df9b6c6b18b885bef93870ee9db559d3fee288590c80ee01c5f77311987c5e5975390198d34471c29791963d7ec3f3c2efb142f1abe16c52e909a1a817fef74f329346c6a197a3297f0d323125b1cdcd273b71ec4818625c89c64e59f79ba42470a2309f0042ecd8d139f0508639f8d9bcd525fba82eead5100891c76ef259e770e540544faa90905b9304be3cd88423e4237bd5041435759d0810d06ed7d0605128643efcf7d059ecb4e85651d740074040fbc81476c764c083f73631989ba86e38ef5a8dce04fec8026ddb896bc0563d9d8f8b339a610bfc8f55efbcefe2d6097a938afe652ea1c6d07ef064554f72315dd5ca1d8ad0058df8a57208a59b30e8fa8a493c484a0d99551b50ddc82584da108c405a9cba9f8049aa3769dcf84e24dd96e8441332bedd9703a11ee661f8d12e561c4d1b6299fa23457ca6ce3ad1e5a3fa80954cda23fcf9f65207c7264704b311ff1557ce218c3b62a2910fc2fc97b856ab22b96073d6c7b7872a15f345c5fde19a8accdfc85b9637d6ee7aa504483790506d83ceed417eab43eee2fa320aafd96c36ece3fb8bef15efcbbc9dbef7d7d52e75025119bb2c014c9d63d016776daef9b83c2ed553a21137edab2a1c5a531f7c48548bfb2021ee5964ef30824088940dc3bd6a44d1ce1a9376bb2a6d07ad281e012874c7eb8df29a0f394331e1351b335a3dd117c0b91d82ab112a904507b5e1ea428856374c810b42e4ba0e646f32c58cf2676052ff5c2242d494efe53e242ae1b9aafbd4d01fb6feec0e366141aa89336b42576a3ccb738bcfedf5dfac8a8c5d2b0eeab0eab3498cc1dd30be328f53d04974bd8e00624fab5a6805e3711f29b89b16c759fc290058ebe3c0de1f11622b10bb256b49d95004886f697ec696b5defc8e765af1d4b69ae13c95b68a283b31d9d6b8f6e226c242e5322dc651757b04d9166209be203aa1988ac5fa68c41e47d75edbe00a86f9e8428840b8a80cae3ca515000e43f29870e684e7f27f4fc8ab332a9c03b2e95d4cbed6a06780dce3b8544dc5d8d58c566bfade0f9183832c33379d11d0fb5d6071df9a94594573182a2a96bdcba90f6e5aec186ad040cfc958b2a749d92f83b3a4dd8c294754cac09491f12f62c0dbe58e032ad28c74ca57c542c5a78a2abfdba5e1c317b0f5cca9ef620d0827e92d2fc8da421e53b577a7172e309ce2565dbbee27f1c62a497bcb9b1b570e12a9503f18d0df42166fb179c6723b9611033492dc503a079e740856765dce98bd6eebf73666804197d5e3e3d04096899aa06e7b84d4b22239b10bbd880cfcd2b1ec352d89692d36e1d7508bd2d2faa29d6b61b2496395217d5013e6d7a74b35a29791b00edb874d3e9a42977b1c6e7197461ae11216eacc1e82cfbc4c7a206b1aaff5d73f46f1e14f41ed12d09b4fd9b4edc5571308b9d5e667b2f82e8450593ed147fac442f51102073f2b555900ea5fdde0fd19840972bef0bd181de3adc76ac888e7a2d45fcdb1db618d7efed6c3fe7c5351a0b871327fb593cb80390ab0347dc4ce15e912a44ccc2826e6c079cec1446cd940f36b8726089662eaa08468e863629fa0a93655365d0f08be027ba90d6ecc9314acbfc5813a999233706d106730ba337fea869c4948fe3bc2b9b439d588e276c7245c60ed2262410edf2a47734ee9fa3c62057154c904dc07fdc98bd2143ce087f26e10a800010827e999549fc76bb99e2d2473408fb33ff692cdb67e7ce796387e450614d45020930a92c8636bfcb4c24faca15746be01952232174d407138bd7174b732c5bcf1ece6fe5997d52867f09dcdb33eaa85f9d08d5f3063c4cb303c4c83aeba0fb67bd16a5a0e2e527550e39e6bfbf20db9684c4880b1795325d4a57875c74e8ebf19e2cbc4ae998ad2be4c7fc703b603e1c6021d4adaab92de36aeaf7e6ceac0e553517d7e4577d0b3c6c5585e3cc7f6d1ef1492e95e976c17067c2dd27da9011da39ab031de69e8535a973f7e4c3a4b925fd5f818f83b270c60144302379115f1ee9ecfc1dc2303b7ab510943af1664ca796f3e7c0d9dd109d8222d282fbad0949ff75e0bdb34235454b16735857f597ac87b6280ab57d35a4809d934c3e849e52a9cc52b8a2569741efcb9bfdddbf7b820602a932d68d1e681897571e5526304470d92f4e403836dfba1eaa8558e83518fc3e7889cc5f88872cb85be4b04", @ANYRES64=<r7=>r0, @ANYBLOB="0000008001"], 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x0) (rerun: 32)
sendmsg$can_bcm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYRESOCT=r5, @ANYRES64=0x0, @ANYRES64=r7, @ANYRESHEX=r5, @ANYRES64=r1, @ANYRES32=r6], 0x80}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) (async, rerun: 64)
r8 = socket$key(0xf, 0x3, 0x2) (rerun: 64)
ioctl$SIOCGSTAMPNS(r8, 0x8907, &(0x7f0000000000)) (async)
r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000400), 0x200, 0x0)
ioctl$FICLONERANGE(r9, 0x4020940d, &(0x7f0000000440)={{}, 0x5, 0xe9c, 0x5})
fcntl$getownex(r4, 0x10, &(0x7f0000000300)={0x0, <r10=>0x0})
prlimit64(r10, 0x8, &(0x7f0000000000)={0xfffffffffffffffb}, 0x0)
mlockall(0x7)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x4000)
setresuid(r11, r11, 0x0)
brk(0x5d555ede6000) (async)
setgroups(0xd329779ad33ee0b6, 0x0) (async)
r12 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="98010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000008032000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000a000000000000000000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000005e001400636d616328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000a55b0ca9cce75f5c9b871603e40f7ec06b20000"], 0x198}}, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

e_orders+0x1f7/0x430
[  731.856844][ T3236]  ? __kasan_check_write+0x18/0x20
[  731.856877][ T3236]  ? _raw_spin_lock+0x8c/0x120
[  731.856903][ T3236]  shmem_get_folio_gfp+0x5f0/0x1380
[  731.856930][ T3236]  ? shmem_get_folio+0xc0/0xc0
[  731.856952][ T3236]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  731.856983][ T3236]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  731.857015][ T3236]  ? inode_to_bdi+0x6d/0x100
[  731.857046][ T3236]  shmem_write_begin+0xf4/0x270
[  731.857074][ T3236]  generic_perform_write+0x32d/0x960
[  731.857109][ T3236]  ? __cfi_generic_perform_write+0x10/0x10
[  731.857141][ T3236]  ? down_write+0xe9/0x2a0
[  731.857180][ T3236]  ? mnt_get_write_access_file+0x1af/0x3b0
[  731.857211][ T3236]  ? mnt_put_write_access_file+0xc2/0x100
[  731.857241][ T3236]  ? file_update_time+0x1ef/0x220
[  731.857273][ T3236]  shmem_file_write_iter+0x105/0x130
[  731.857305][ T3236]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  731.857348][ T3236]  __kernel_write_iter+0x41d/0x8e0
[  731.857369][ T3236]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  731.857401][ T3236]  ? __cfi___kernel_write_iter+0x10/0x10
[  731.857422][ T3236]  ? get_dump_page+0x160/0x220
[  731.857451][ T3236]  ? __asan_memset+0x39/0x50
[  731.857485][ T3236]  ? iov_iter_bvec+0xc0/0x180
[  731.857514][ T3236]  dump_user_range+0xb06/0xdf0
[  731.857537][ T3236]  ? __cfi_dump_emit+0x10/0x10
[  731.857571][ T3236]  ? __cfi_dump_user_range+0x10/0x10
[  731.857593][ T3236]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  731.857628][ T3236]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  731.857668][ T3236]  elf_core_dump+0x2ccc/0x3800
[  731.857699][ T3236]  ? __cfi_elf_core_dump+0x10/0x10
[  731.857733][ T3236]  ? dump_interrupted+0xf0/0xf0
[  731.857766][ T3236]  ? filp_open+0x182/0x1d0
[  731.857795][ T3236]  ? 0xffffffffff600000
[  731.857812][ T3236]  ? freezing_slow_path+0x12b/0x170
[  731.857843][ T3236]  do_coredump+0x1bf7/0x2bd0
[  731.857879][ T3236]  ? __cfi_do_coredump+0x10/0x10
[  731.857911][ T3236]  ? asm_exc_page_fault+0x2b/0x30
[  731.857940][ T3236]  ? __kasan_slab_free+0x6a/0x80
[  731.857966][ T3236]  ? kmem_cache_free+0x1c1/0x510
[  731.857988][ T3236]  ? get_signal+0xa75/0x14f0
[  731.858016][ T3236]  get_signal+0x11fd/0x14f0
[  731.858048][ T3236]  arch_do_signal_or_restart+0x96/0x720
[  731.858083][ T3236]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  731.858120][ T3236]  irqentry_exit_to_user_mode+0x4e/0xb0
[  731.858143][ T3236]  irqentry_exit+0x16/0x60
[  731.858164][ T3236]  exc_page_fault+0x66/0xc0
[  731.858185][ T3236]  asm_exc_page_fault+0x2b/0x30
[  731.858204][ T3236] RIP: 0033:0x7fc9cfe4f987
[  731.858222][ T3236] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  731.858243][ T3236] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  731.858265][ T3236] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  731.858281][ T3236] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  731.858298][ T3236] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  731.858337][ T3236] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  731.858353][ T3236] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  731.858373][ T3236]  </TASK>
[  731.858423][ T3236] memory: usage 275120kB, limit 307200kB, failcnt 58015
[  732.131240][ T3769] netlink: 8 bytes leftover after parsing attributes in process `syz.9.12009'.
[  732.134341][ T3236] memory+swap: usage 417656kB, limit 9007199254740988kB, failcnt 0
[  732.194721][ T3772] netlink: 'syz.9.12011': attribute type 16 has an invalid length.
[  732.207285][ T3236] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  732.230213][ T3772] netlink: 64138 bytes leftover after parsing attributes in process `syz.9.12011'.
[  732.246173][ T3236] Memory cgroup stats for /syz1:
[  732.402805][ T3236] cache 314191872
[  732.411581][ T3236] rss 229376
[  732.414806][ T3236] rss_huge 0
[  732.418016][ T3236] shmem 314191872
[  732.421701][ T3236] mapped_file 0
[  732.426756][ T3236] dirty 0
[  732.430574][ T3236] writeback 0
[  732.433928][ T3236] workingset_refault_anon 327
[  732.438765][ T3236] workingset_refault_file 15
[  732.459644][ T3236] swap 127844352
[  732.465024][ T3236] swapcached 86016
[  732.468946][ T3236] pgpgin 381299
[  732.472749][ T3236] pgpgout 305544
[  732.476406][ T3236] pgfault 129145
[  732.480293][ T3236] pgmajfault 117
[  732.483901][ T3236] inactive_anon 67887104
[  732.488250][ T3236] active_anon 246263808
[  732.492761][ T3236] inactive_file 0
[  732.496465][ T3236] active_file 0
[  732.500431][ T3236] unevictable 0
[  732.504089][ T3236] hierarchical_memory_limit 314572800
[  732.509563][ T3236] hierarchical_memsw_limit 9223372036854771712
[  732.515996][ T3236] total_cache 314191872
[  732.520216][ T3236] total_rss 229376
[  732.524128][ T3236] total_rss_huge 0
[  732.527917][ T3236] total_shmem 314191872
[  732.532171][ T3236] total_mapped_file 0
[  732.536248][ T3236] total_dirty 0
[  732.539877][ T3236] total_writeback 0
[  732.543749][ T3236] total_workingset_refault_anon 327
[  732.548962][ T3236] total_workingset_refault_file 15
[  732.554145][ T3236] total_swap 127844352
[  732.558278][ T3236] total_swapcached 86016
[  732.562841][ T3236] total_pgpgin 381299
[  732.570033][ T3236] total_pgpgout 305544
[  732.574507][ T3236] total_pgfault 129145
[  732.578830][ T3236] total_pgmajfault 117
[  732.583237][ T3236] total_inactive_anon 67887104
[  732.588070][ T3236] total_active_anon 246263808
[  732.593305][ T3236] total_inactive_file 0
[  732.597533][ T3236] total_active_file 0
[  732.601769][ T3236] total_unevictable 0
[  732.605901][ T3236] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3292,uid=0
[  732.620960][ T3236] Memory cgroup out of memory: Killed process 3292 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  732.684327][ T3291] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  732.744972][ T3291] CPU: 0 UID: 0 PID: 3291 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  732.745013][ T3291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  732.745029][ T3291] Call Trace:
[  732.745037][ T3291]  <TASK>
[  732.745046][ T3291]  __dump_stack+0x21/0x30
[  732.745084][ T3291]  dump_stack_lvl+0x10c/0x190
[  732.745115][ T3291]  ? __cfi_dump_stack_lvl+0x10/0x10
[  732.745146][ T3291]  ? ___ratelimit+0x3f7/0x5a0
[  732.745178][ T3291]  dump_stack+0x19/0x20
[  732.745208][ T3291]  dump_header+0xd7/0x490
[  732.745232][ T3291]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  732.745262][ T3291]  oom_kill_process+0x35d/0x640
[  732.745291][ T3291]  ? sched_clock_cpu+0x75/0x400
[  732.745323][ T3291]  out_of_memory+0x659/0xa80
[  732.745351][ T3291]  ? __cfi_out_of_memory+0x10/0x10
[  732.745389][ T3291]  ? mutex_lock_killable+0x104/0x1c0
[  732.745422][ T3291]  ? __cfi_mutex_lock_killable+0x10/0x10
[  732.745455][ T3291]  mem_cgroup_out_of_memory+0x279/0x350
[  732.745477][ T3291]  ? drain_obj_stock+0xed0/0xed0
[  732.745500][ T3291]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  732.745522][ T3291]  try_charge_memcg+0x8f7/0xde0
[  732.745551][ T3291]  ? __cfi_try_charge_memcg+0x10/0x10
[  732.745579][ T3291]  ? __alloc_pages_noprof+0x31f/0x7b0
[  732.745638][ T3291]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  732.745670][ T3291]  ? __folio_batch_add_and_move+0x2ab/0x370
[  732.745701][ T3291]  __mem_cgroup_charge+0xf6/0x410
[  732.745735][ T3291]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  732.745774][ T3291]  ? preempt_schedule_irq+0x9c/0x100
[  732.745805][ T3291]  ? __cfi_preempt_schedule_irq+0x10/0x10
[  732.745838][ T3291]  shmem_alloc_and_add_folio+0x86d/0x1050
[  732.745866][ T3291]  ? raw_irqentry_exit_cond_resched+0x33/0x40
[  732.745900][ T3291]  ? put_swap_device+0x130/0x130
[  732.745926][ T3291]  ? __sanitizer_cov_trace_pc+0x5/0x70
[  732.745957][ T3291]  ? shmem_huge_global_enabled+0x2da/0x360
[  732.745984][ T3291]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  732.746010][ T3291]  ? __kasan_check_write+0x18/0x20
[  732.746045][ T3291]  ? _raw_spin_lock+0x8c/0x120
[  732.746072][ T3291]  shmem_get_folio_gfp+0x5f0/0x1380
[  732.746101][ T3291]  ? shmem_get_folio+0xc0/0xc0
[  732.746124][ T3291]  ? follow_page_pte+0xa5c/0xb90
[  732.746155][ T3291]  ? inode_to_bdi+0x6d/0x100
[  732.746187][ T3291]  shmem_write_begin+0xf4/0x270
[  732.746215][ T3291]  generic_perform_write+0x32d/0x960
[  732.746251][ T3291]  ? __cfi_generic_perform_write+0x10/0x10
[  732.746285][ T3291]  ? down_write+0xe9/0x2a0
[  732.746307][ T3291]  ? file_update_time+0xa3/0x220
[  732.746337][ T3291]  shmem_file_write_iter+0x105/0x130
[  732.746368][ T3291]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  732.746397][ T3291]  __kernel_write_iter+0x41d/0x8e0
[  732.746418][ T3291]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  732.746448][ T3291]  ? __cfi___kernel_write_iter+0x10/0x10
[  732.746469][ T3291]  ? get_dump_page+0x160/0x220
[  732.746499][ T3291]  ? __asan_memset+0x39/0x50
[  732.746532][ T3291]  ? iov_iter_bvec+0xc0/0x180
[  732.746560][ T3291]  dump_user_range+0xb06/0xdf0
[  732.746590][ T3291]  ? __cfi_dump_emit+0x10/0x10
[  732.746623][ T3291]  ? __cfi_dump_user_range+0x10/0x10
[  732.746644][ T3291]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  732.746677][ T3291]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  732.746712][ T3291]  elf_core_dump+0x2ccc/0x3800
[  732.746742][ T3291]  ? __cfi_elf_core_dump+0x10/0x10
[  732.746777][ T3291]  ? dump_interrupted+0xf0/0xf0
[  732.746810][ T3291]  ? filp_open+0x182/0x1d0
[  732.746839][ T3291]  ? 0xffffffffff600000
[  732.746856][ T3291]  ? freezing_slow_path+0x12b/0x170
[  732.746887][ T3291]  do_coredump+0x1bf7/0x2bd0
[  732.746923][ T3291]  ? __cfi_do_coredump+0x10/0x10
[  732.746955][ T3291]  ? asm_exc_page_fault+0x2b/0x30
[  732.746984][ T3291]  ? __kasan_slab_free+0x6a/0x80
[  732.747009][ T3291]  ? kmem_cache_free+0x1c1/0x510
[  732.747032][ T3291]  ? get_signal+0xa75/0x14f0
[  732.747061][ T3291]  get_signal+0x11fd/0x14f0
[  732.747092][ T3291]  arch_do_signal_or_restart+0x96/0x720
[  732.747126][ T3291]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  732.747164][ T3291]  irqentry_exit_to_user_mode+0x4e/0xb0
[  732.747186][ T3291]  irqentry_exit+0x16/0x60
[  732.747208][ T3291]  exc_page_fault+0x66/0xc0
[  732.747228][ T3291]  asm_exc_page_fault+0x2b/0x30
[  732.747248][ T3291] RIP: 0033:0x7fc9cfe4f987
[  732.747267][ T3291] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  732.747288][ T3291] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  732.747310][ T3291] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  732.747327][ T3291] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  732.747345][ T3291] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  732.747360][ T3291] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  732.747375][ T3291] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  732.747395][ T3291]  </TASK>
[  732.747404][ T3291] memory: usage 297848kB, limit 307200kB, failcnt 58622
[  733.222763][ T3817] netlink: 56 bytes leftover after parsing attributes in process `syz.2.12029'.
[  733.227028][ T3291] memory+swap: usage 426264kB, limit 9007199254740988kB, failcnt 0
[  733.260918][ T3291] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  733.267820][ T3291] Memory cgroup stats for /syz1:
[  733.267987][ T3291] cache 311234560
[  733.287614][ T3291] rss 184320
[  733.291293][ T3291] rss_huge 0
[  733.297291][ T3291] shmem 311234560
[  733.301595][ T3291] mapped_file 0
[  733.305558][ T3291] dirty 0
[  733.308821][ T3823] netlink: 188 bytes leftover after parsing attributes in process `syz.5.12031'.
[  733.318167][ T3291] writeback 0
[  733.321593][ T3291] workingset_refault_anon 353
[  733.326541][ T3291] workingset_refault_file 15
[  733.330198][ T3823] netlink: 'syz.5.12031': attribute type 4 has an invalid length.
[  733.331264][ T3291] swap 127836160
[  733.342643][ T3291] swapcached 106496
[  733.346276][ T3823] netlink: 'syz.5.12031': attribute type 4 has an invalid length.
[  733.346479][ T3291] pgpgin 389945
[  733.346492][ T3291] pgpgout 314918
[  733.361481][ T3291] pgfault 129708
[  733.366753][ T3291] pgmajfault 131
[  733.370348][ T3291] inactive_anon 181055488
[  733.374694][ T3291] active_anon 130404352
[  733.378884][ T3291] inactive_file 0
[  733.382709][ T3291] active_file 0
[  733.386192][ T3291] unevictable 0
[  733.389698][ T3291] hierarchical_memory_limit 314572800
[  733.395072][ T3291] hierarchical_memsw_limit 9223372036854771712
[  733.401465][ T3291] total_cache 311234560
[  733.405635][ T3291] total_rss 184320
[  733.409580][ T3291] total_rss_huge 0
[  733.413596][ T3291] total_shmem 311234560
[  733.417809][ T3291] total_mapped_file 0
[  733.422122][ T3291] total_dirty 0
[  733.425593][ T3291] total_writeback 0
[  733.429408][ T3291] total_workingset_refault_anon 353
[  733.434886][ T3291] total_workingset_refault_file 15
[  733.440173][ T3291] total_swap 127836160
[  733.444264][ T3291] total_swapcached 106496
[  733.448606][ T3291] total_pgpgin 389945
[  733.452882][ T3291] total_pgpgout 314918
[  733.456968][ T3291] total_pgfault 129708
[  733.461808][ T3291] total_pgmajfault 131
[  733.465906][ T3291] total_inactive_anon 181055488
[  733.471024][ T3291] total_active_anon 130404352
[  733.475769][ T3291] total_inactive_file 0
[  733.480077][ T3291] total_active_file 0
[  733.484367][ T3291] total_unevictable 0
[  733.488369][ T3291] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3250,uid=0
[  733.503329][ T3291] Memory cgroup out of memory: Killed process 3250 (syz.1.11840) total-vm:90292kB, anon-rss:1160kB, file-rss:55068kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  733.541095][ T3261] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  733.596646][ T3261] CPU: 1 UID: 0 PID: 3261 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  733.596688][ T3261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  733.596704][ T3261] Call Trace:
[  733.596712][ T3261]  <TASK>
[  733.596723][ T3261]  __dump_stack+0x21/0x30
[  733.596759][ T3261]  dump_stack_lvl+0x10c/0x190
[  733.596789][ T3261]  ? __cfi_dump_stack_lvl+0x10/0x10
[  733.596818][ T3261]  ? ___ratelimit+0x3f7/0x5a0
[  733.596849][ T3261]  dump_stack+0x19/0x20
[  733.596878][ T3261]  dump_header+0xd7/0x490
[  733.596901][ T3261]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  733.596932][ T3261]  oom_kill_process+0x35d/0x640
[  733.596960][ T3261]  ? sched_clock_cpu+0x75/0x400
[  733.596991][ T3261]  out_of_memory+0x659/0xa80
[  733.597018][ T3261]  ? __cfi_out_of_memory+0x10/0x10
[  733.597045][ T3261]  ? mutex_lock_killable+0x104/0x1c0
[  733.597078][ T3261]  ? __cfi_mutex_lock_killable+0x10/0x10
[  733.597113][ T3261]  mem_cgroup_out_of_memory+0x279/0x350
[  733.597137][ T3261]  ? drain_obj_stock+0xed0/0xed0
[  733.597161][ T3261]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  733.597184][ T3261]  try_charge_memcg+0x8f7/0xde0
[  733.597216][ T3261]  ? __cfi_try_charge_memcg+0x10/0x10
[  733.597247][ T3261]  ? __alloc_pages_noprof+0x31f/0x7b0
[  733.597279][ T3261]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  733.597310][ T3261]  ? __folio_batch_add_and_move+0x2ab/0x370
[  733.597340][ T3261]  __mem_cgroup_charge+0xf6/0x410
[  733.597373][ T3261]  ? _raw_spin_lock+0x8c/0x120
[  733.597400][ T3261]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  733.597435][ T3261]  shmem_alloc_and_add_folio+0x86d/0x1050
[  733.597471][ T3261]  ? put_swap_device+0x130/0x130
[  733.597497][ T3261]  ? shmem_huge_global_enabled+0x2da/0x360
[  733.597524][ T3261]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  733.597550][ T3261]  ? __kasan_check_write+0x18/0x20
[  733.597585][ T3261]  ? _raw_spin_lock+0x8c/0x120
[  733.597612][ T3261]  shmem_get_folio_gfp+0x5f0/0x1380
[  733.597640][ T3261]  ? shmem_get_folio+0xc0/0xc0
[  733.597663][ T3261]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  733.597697][ T3261]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  733.597728][ T3261]  ? inode_to_bdi+0x6d/0x100
[  733.597759][ T3261]  shmem_write_begin+0xf4/0x270
[  733.597787][ T3261]  generic_perform_write+0x32d/0x960
[  733.597823][ T3261]  ? __cfi_generic_perform_write+0x10/0x10
[  733.597856][ T3261]  ? down_write+0xe9/0x2a0
[  733.597877][ T3261]  ? mnt_get_write_access_file+0x1af/0x3b0
[  733.597907][ T3261]  ? mnt_put_write_access_file+0xc2/0x100
[  733.597936][ T3261]  ? file_update_time+0x1ef/0x220
[  733.597966][ T3261]  shmem_file_write_iter+0x105/0x130
[  733.597996][ T3261]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  733.598026][ T3261]  __kernel_write_iter+0x41d/0x8e0
[  733.598048][ T3261]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  733.598080][ T3261]  ? __cfi___kernel_write_iter+0x10/0x10
[  733.598101][ T3261]  ? get_dump_page+0x160/0x220
[  733.598131][ T3261]  ? __asan_memset+0x39/0x50
[  733.598164][ T3261]  ? iov_iter_bvec+0xc0/0x180
[  733.598191][ T3261]  dump_user_range+0xb06/0xdf0
[  733.598214][ T3261]  ? __cfi_dump_emit+0x10/0x10
[  733.598248][ T3261]  ? __cfi_dump_user_range+0x10/0x10
[  733.598269][ T3261]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  733.598304][ T3261]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  733.598339][ T3261]  elf_core_dump+0x2ccc/0x3800
[  733.598370][ T3261]  ? __cfi_elf_core_dump+0x10/0x10
[  733.598404][ T3261]  ? dump_interrupted+0xf0/0xf0
[  733.598436][ T3261]  ? filp_open+0x182/0x1d0
[  733.598471][ T3261]  ? 0xffffffffff600000
[  733.598488][ T3261]  ? freezing_slow_path+0x12b/0x170
[  733.598521][ T3261]  do_coredump+0x1bf7/0x2bd0
[  733.598558][ T3261]  ? __cfi_do_coredump+0x10/0x10
[  733.598590][ T3261]  ? asm_exc_page_fault+0x2b/0x30
[  733.598621][ T3261]  ? __kasan_slab_free+0x6a/0x80
[  733.598647][ T3261]  ? kmem_cache_free+0x1c1/0x510
[  733.598668][ T3261]  ? get_signal+0xa75/0x14f0
[  733.598697][ T3261]  get_signal+0x11fd/0x14f0
[  733.598728][ T3261]  arch_do_signal_or_restart+0x96/0x720
[  733.598763][ T3261]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  733.598802][ T3261]  irqentry_exit_to_user_mode+0x4e/0xb0
[  733.598825][ T3261]  irqentry_exit+0x16/0x60
[  733.598846][ T3261]  exc_page_fault+0x66/0xc0
[  733.598867][ T3261]  asm_exc_page_fault+0x2b/0x30
[  733.598887][ T3261] RIP: 0033:0x7fc9cfe4f987
[  733.598905][ T3261] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  733.598925][ T3261] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  733.598945][ T3261] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  733.598961][ T3261] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  733.598977][ T3261] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  733.598992][ T3261] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  733.599007][ T3261] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  733.599028][ T3261]  </TASK>
[  733.769766][ T3261] memory: usage 281640kB, limit 307200kB, failcnt 58977
[  733.876401][ T3782] rust_binder: Error while translating object.
[  734.089513][ T3782] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  734.096003][ T3782] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:271
[  734.105657][ T3261] memory+swap: usage 412124kB, limit 9007199254740988kB, failcnt 0
[  734.123002][ T3261] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  734.149644][ T3261] Memory cgroup stats for /syz1:
[  734.149821][ T3261] cache 296165376
[  734.218030][ T3261] rss 356352
[  734.228321][ T3848] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  734.248327][ T3261] rss_huge 0
[  734.251611][ T3261] shmem 296165376
[  734.255276][ T3261] mapped_file 0
[  734.316126][ T3261] dirty 0
[  734.319127][ T3261] writeback 0
[  734.374085][ T3261] workingset_refault_anon 385
[  734.389687][ T3261] workingset_refault_file 15
[  734.390449][ T3853] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  734.424750][ T3261] swap 127950848
[  734.485296][ T3261] swapcached 36864
[  734.493699][ T3261] pgpgin 395002
[  734.497234][ T3261] pgpgout 323628
[  734.510001][ T3261] pgfault 130069
[  734.514333][ T3261] pgmajfault 139
[  734.518247][ T3261] inactive_anon 271527936
[  734.533165][ T3261] active_anon 24657920
[  734.540587][ T3261] inactive_file 0
[  734.544645][ T3261] active_file 0
[  734.548357][ T3261] unevictable 0
[  734.548987][ T3856] netlink: 188 bytes leftover after parsing attributes in process `syz.9.12042'.
[  734.557990][ T3261] hierarchical_memory_limit 314572800
[  734.566781][ T3261] hierarchical_memsw_limit 9223372036854771712
[  734.573224][ T3261] total_cache 296165376
[  734.577553][ T3261] total_rss 356352
[  734.583804][ T3261] total_rss_huge 0
[  734.587800][ T3261] total_shmem 296165376
[  734.592453][ T3261] total_mapped_file 0
[  734.596713][ T3261] total_dirty 0
[  734.600636][ T3261] total_writeback 0
[  734.600641][ T3856] netlink: 'syz.9.12042': attribute type 4 has an invalid length.
[  734.612481][ T3261] total_workingset_refault_anon 385
[  734.617789][ T3261] total_workingset_refault_file 15
[  734.623086][ T3261] total_swap 127950848
[  734.627257][ T3261] total_swapcached 36864
[  734.634228][ T3261] total_pgpgin 395002
[  734.638325][ T3261] total_pgpgout 323628
[  734.639795][ T3856] netlink: 'syz.9.12042': attribute type 4 has an invalid length.
[  734.642871][ T3261] total_pgfault 130069
[  734.654783][ T3261] total_pgmajfault 139
[  734.658963][ T3261] total_inactive_anon 271527936
[  734.664138][ T3261] total_active_anon 24657920
[  734.668938][ T3261] total_inactive_file 0
[  734.676057][ T3261] total_active_file 0
[  734.680405][ T3261] total_unevictable 0
[  734.684469][ T3261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3236,uid=0
[  734.703209][ T3261] Memory cgroup out of memory: Killed process 3236 (syz.1.11840) total-vm:90292kB, anon-rss:1160kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  734.743787][ T3280] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  734.767035][ T3280] CPU: 0 UID: 0 PID: 3280 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  734.767078][ T3280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  734.767094][ T3280] Call Trace:
[  734.767103][ T3280]  <TASK>
[  734.767113][ T3280]  __dump_stack+0x21/0x30
[  734.767149][ T3280]  dump_stack_lvl+0x10c/0x190
[  734.767178][ T3280]  ? __cfi_dump_stack_lvl+0x10/0x10
[  734.767226][ T3280]  ? ___ratelimit+0x3f7/0x5a0
[  734.767259][ T3280]  dump_stack+0x19/0x20
[  734.767289][ T3280]  dump_header+0xd7/0x490
[  734.767313][ T3280]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  734.767352][ T3280]  oom_kill_process+0x35d/0x640
[  734.767380][ T3280]  ? sched_clock_cpu+0x75/0x400
[  734.767414][ T3280]  out_of_memory+0x659/0xa80
[  734.767443][ T3280]  ? __cfi_out_of_memory+0x10/0x10
[  734.767472][ T3280]  ? mutex_lock_killable+0x104/0x1c0
[  734.767509][ T3280]  ? __cfi_mutex_lock_killable+0x10/0x10
[  734.767547][ T3280]  mem_cgroup_out_of_memory+0x279/0x350
[  734.767572][ T3280]  ? drain_obj_stock+0xed0/0xed0
[  734.767597][ T3280]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  734.767621][ T3280]  try_charge_memcg+0x8f7/0xde0
[  734.767655][ T3280]  ? __cfi_try_charge_memcg+0x10/0x10
[  734.767687][ T3280]  ? __alloc_pages_noprof+0x31f/0x7b0
[  734.767721][ T3280]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  734.767754][ T3280]  ? __folio_batch_add_and_move+0x2ab/0x370
[  734.767786][ T3280]  __mem_cgroup_charge+0xf6/0x410
[  734.767821][ T3280]  ? _raw_spin_lock+0x8c/0x120
[  734.767849][ T3280]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  734.767886][ T3280]  shmem_alloc_and_add_folio+0x86d/0x1050
[  734.767918][ T3280]  ? put_swap_device+0x130/0x130
[  734.767945][ T3280]  ? shmem_huge_global_enabled+0x2da/0x360
[  734.767972][ T3280]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  734.767998][ T3280]  ? __kasan_check_write+0x18/0x20
[  734.768034][ T3280]  ? _raw_spin_lock+0x8c/0x120
[  734.768062][ T3280]  shmem_get_folio_gfp+0x5f0/0x1380
[  734.768092][ T3280]  ? shmem_get_folio+0xc0/0xc0
[  734.768116][ T3280]  ? follow_page_pte+0xa5c/0xb90
[  734.768148][ T3280]  ? inode_to_bdi+0x6d/0x100
[  734.768182][ T3280]  shmem_write_begin+0xf4/0x270
[  734.768212][ T3280]  generic_perform_write+0x32d/0x960
[  734.768249][ T3280]  ? __cfi_generic_perform_write+0x10/0x10
[  734.768283][ T3280]  ? down_write+0xe9/0x2a0
[  734.768306][ T3280]  ? file_update_time+0xa3/0x220
[  734.768349][ T3280]  shmem_file_write_iter+0x105/0x130
[  734.768381][ T3280]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  734.768425][ T3280]  __kernel_write_iter+0x41d/0x8e0
[  734.768447][ T3280]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  734.768480][ T3280]  ? __cfi___kernel_write_iter+0x10/0x10
[  734.768501][ T3280]  ? get_dump_page+0x160/0x220
[  734.768530][ T3280]  ? __asan_memset+0x39/0x50
[  734.768564][ T3280]  ? iov_iter_bvec+0xc0/0x180
[  734.768593][ T3280]  dump_user_range+0xb06/0xdf0
[  734.768616][ T3280]  ? __cfi_dump_emit+0x10/0x10
[  734.768651][ T3280]  ? __cfi_dump_user_range+0x10/0x10
[  734.768673][ T3280]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  734.768708][ T3280]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  734.768744][ T3280]  elf_core_dump+0x2ccc/0x3800
[  734.768775][ T3280]  ? __cfi_elf_core_dump+0x10/0x10
[  734.768810][ T3280]  ? dump_interrupted+0xf0/0xf0
[  734.768843][ T3280]  ? filp_open+0x182/0x1d0
[  734.768873][ T3280]  ? 0xffffffffff600000
[  734.768891][ T3280]  ? freezing_slow_path+0x12b/0x170
[  734.768924][ T3280]  do_coredump+0x1bf7/0x2bd0
[  734.768962][ T3280]  ? __cfi_do_coredump+0x10/0x10
[  734.768994][ T3280]  ? asm_exc_page_fault+0x2b/0x30
[  734.769024][ T3280]  ? __kasan_slab_free+0x6a/0x80
[  734.769050][ T3280]  ? kmem_cache_free+0x1c1/0x510
[  734.769072][ T3280]  ? get_signal+0xa75/0x14f0
[  734.769102][ T3280]  get_signal+0x11fd/0x14f0
[  734.769133][ T3280]  arch_do_signal_or_restart+0x96/0x720
[  734.769169][ T3280]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  734.769209][ T3280]  irqentry_exit_to_user_mode+0x4e/0xb0
[  734.769232][ T3280]  irqentry_exit+0x16/0x60
[  734.769254][ T3280]  exc_page_fault+0x66/0xc0
[  734.769275][ T3280]  asm_exc_page_fault+0x2b/0x30
[  734.769296][ T3280] RIP: 0033:0x7fc9cfe4f987
[  734.769315][ T3280] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  734.769341][ T3280] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  734.769364][ T3280] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  734.769382][ T3280] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  734.769399][ T3280] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  734.769415][ T3280] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  734.769431][ T3280] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  734.769452][ T3280]  </TASK>
[  734.769462][ T3280] memory: usage 306372kB, limit 307200kB, failcnt 59194
[  735.231722][ T3875] netlink: 'syz.5.12049': attribute type 28 has an invalid length.
[  735.233144][ T3280] memory+swap: usage 393344kB, limit 9007199254740988kB, failcnt 0
[  735.258838][ T3280] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  735.265769][ T3280] Memory cgroup stats for /syz1:
[  735.265932][ T3280] cache 274591744
[  735.274588][ T3280] rss 204800
[  735.279555][ T3280] rss_huge 0
[  735.282823][ T3280] shmem 274591744
[  735.286479][ T3280] mapped_file 0
[  735.291578][ T3280] dirty 0
[  735.294569][ T3280] writeback 0
[  735.298028][ T3280] workingset_refault_anon 386
[  735.302879][ T3280] workingset_refault_file 15
[  735.307612][ T3280] swap 127971328
[  735.311319][ T3280] swapcached 20480
[  735.315133][ T3280] pgpgin 399548
[  735.318674][ T3280] pgpgout 333477
[  735.322342][ T3280] pgfault 130648
[  735.325967][ T3280] pgmajfault 140
[  735.329656][ T3280] inactive_anon 127959040
[  735.334013][ T3280] active_anon 146591744
[  735.338188][ T3280] inactive_file 0
[  735.341888][ T3280] active_file 0
[  735.345373][ T3280] unevictable 0
[  735.348849][ T3280] hierarchical_memory_limit 314572800
[  735.354289][ T3280] hierarchical_memsw_limit 9223372036854771712
[  735.360508][ T3280] total_cache 274591744
[  735.364705][ T3280] total_rss 204800
[  735.368442][ T3280] total_rss_huge 0
[  735.372241][ T3280] total_shmem 274591744
[  735.376423][ T3280] total_mapped_file 0
[  735.380462][ T3280] total_dirty 0
[  735.383937][ T3280] total_writeback 0
[  735.387761][ T3280] total_workingset_refault_anon 386
[  735.393040][ T3280] total_workingset_refault_file 15
[  735.398166][ T3280] total_swap 127971328
[  735.402306][ T3280] total_swapcached 20480
[  735.406646][ T3280] total_pgpgin 399548
[  735.410709][ T3280] total_pgpgout 333477
[  735.414793][ T3280] total_pgfault 130648
[  735.418875][ T3280] total_pgmajfault 140
[  735.423032][ T3280] total_inactive_anon 127959040
[  735.427895][ T3280] total_active_anon 146591744
[  735.432760][ T3280] total_inactive_file 0
[  735.436983][ T3280] total_active_file 0
[  735.441195][ T3280] total_unevictable 0
[  735.445210][ T3280] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3260,uid=0
[  735.469661][ T3280] Memory cgroup out of memory: Killed process 3260 (syz.1.11840) total-vm:90292kB, anon-rss:1160kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  735.536971][ T3245] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  735.589650][ T3245] CPU: 0 UID: 0 PID: 3245 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  735.589690][ T3245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  735.589704][ T3245] Call Trace:
[  735.589712][ T3245]  <TASK>
[  735.589720][ T3245]  __dump_stack+0x21/0x30
[  735.589755][ T3245]  dump_stack_lvl+0x10c/0x190
[  735.589783][ T3245]  ? __cfi_dump_stack_lvl+0x10/0x10
[  735.589811][ T3245]  ? ___ratelimit+0x3f7/0x5a0
[  735.589842][ T3245]  dump_stack+0x19/0x20
[  735.589870][ T3245]  dump_header+0xd7/0x490
[  735.589893][ T3245]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  735.589922][ T3245]  oom_kill_process+0x35d/0x640
[  735.589950][ T3245]  ? sched_clock_cpu+0x75/0x400
[  735.589982][ T3245]  out_of_memory+0x659/0xa80
[  735.590009][ T3245]  ? __cfi_out_of_memory+0x10/0x10
[  735.590037][ T3245]  ? mutex_lock_killable+0x104/0x1c0
[  735.590071][ T3245]  ? __cfi_mutex_lock_killable+0x10/0x10
[  735.590106][ T3245]  mem_cgroup_out_of_memory+0x279/0x350
[  735.590130][ T3245]  ? drain_obj_stock+0xed0/0xed0
[  735.590153][ T3245]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  735.590175][ T3245]  try_charge_memcg+0x8f7/0xde0
[  735.590207][ T3245]  ? __cfi_try_charge_memcg+0x10/0x10
[  735.590244][ T3245]  ? __alloc_pages_noprof+0x31f/0x7b0
[  735.590276][ T3245]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  735.590307][ T3245]  ? __folio_batch_add_and_move+0x2ab/0x370
[  735.590338][ T3245]  __mem_cgroup_charge+0xf6/0x410
[  735.590370][ T3245]  ? _raw_spin_lock+0x8c/0x120
[  735.590408][ T3245]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  735.590441][ T3245]  shmem_alloc_and_add_folio+0x86d/0x1050
[  735.590471][ T3245]  ? put_swap_device+0x130/0x130
[  735.590495][ T3245]  ? shmem_huge_global_enabled+0x2da/0x360
[  735.590520][ T3245]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  735.590544][ T3245]  ? __kasan_check_write+0x18/0x20
[  735.590576][ T3245]  ? _raw_spin_lock+0x8c/0x120
[  735.590600][ T3245]  shmem_get_folio_gfp+0x5f0/0x1380
[  735.590627][ T3245]  ? shmem_get_folio+0xc0/0xc0
[  735.590649][ T3245]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  735.590680][ T3245]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  735.590709][ T3245]  ? inode_to_bdi+0x6d/0x100
[  735.590738][ T3245]  shmem_write_begin+0xf4/0x270
[  735.590763][ T3245]  generic_perform_write+0x32d/0x960
[  735.590796][ T3245]  ? __cfi_generic_perform_write+0x10/0x10
[  735.590826][ T3245]  ? down_write+0xe9/0x2a0
[  735.590862][ T3245]  ? mnt_get_write_access_file+0x1af/0x3b0
[  735.590891][ T3245]  ? mnt_put_write_access_file+0xc2/0x100
[  735.590920][ T3245]  ? file_update_time+0x1ef/0x220
[  735.590950][ T3245]  shmem_file_write_iter+0x105/0x130
[  735.590980][ T3245]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  735.591010][ T3245]  __kernel_write_iter+0x41d/0x8e0
[  735.591031][ T3245]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  735.591061][ T3245]  ? __cfi___kernel_write_iter+0x10/0x10
[  735.591082][ T3245]  ? get_dump_page+0x160/0x220
[  735.591111][ T3245]  ? __asan_memset+0x39/0x50
[  735.591143][ T3245]  ? iov_iter_bvec+0xc0/0x180
[  735.591171][ T3245]  dump_user_range+0xb06/0xdf0
[  735.591194][ T3245]  ? __cfi_dump_emit+0x10/0x10
[  735.591236][ T3245]  ? __cfi_dump_user_range+0x10/0x10
[  735.591258][ T3245]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  735.591292][ T3245]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  735.591327][ T3245]  elf_core_dump+0x2ccc/0x3800
[  735.591357][ T3245]  ? __cfi_elf_core_dump+0x10/0x10
[  735.591389][ T3245]  ? dump_interrupted+0xf0/0xf0
[  735.591421][ T3245]  ? filp_open+0x182/0x1d0
[  735.591449][ T3245]  ? 0xffffffffff600000
[  735.591466][ T3245]  ? freezing_slow_path+0x12b/0x170
[  735.591498][ T3245]  do_coredump+0x1bf7/0x2bd0
[  735.591534][ T3245]  ? __cfi_do_coredump+0x10/0x10
[  735.591565][ T3245]  ? asm_exc_page_fault+0x2b/0x30
[  735.591593][ T3245]  ? __kasan_slab_free+0x6a/0x80
[  735.591619][ T3245]  ? kmem_cache_free+0x1c1/0x510
[  735.591641][ T3245]  ? get_signal+0xa75/0x14f0
[  735.591669][ T3245]  get_signal+0x11fd/0x14f0
[  735.591701][ T3245]  arch_do_signal_or_restart+0x96/0x720
[  735.591738][ T3245]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  735.591774][ T3245]  irqentry_exit_to_user_mode+0x4e/0xb0
[  735.591796][ T3245]  irqentry_exit+0x16/0x60
[  735.591817][ T3245]  exc_page_fault+0x66/0xc0
[  735.591839][ T3245]  asm_exc_page_fault+0x2b/0x30
[  735.591859][ T3245] RIP: 0033:0x7fc9cfe4f987
[  735.591878][ T3245] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  735.591899][ T3245] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  735.591921][ T3245] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  735.591938][ T3245] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  735.591955][ T3245] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  735.591990][ T3245] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  735.592005][ T3245] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  735.592026][ T3245]  </TASK>
[  735.592037][ T3245] memory: usage 300476kB, limit 307200kB, failcnt 59558
[  736.094075][ T3245] memory+swap: usage 419816kB, limit 9007199254740988kB, failcnt 0
[  736.103434][ T3245] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  736.110380][ T3245] Memory cgroup stats for /syz1:
[  736.110524][ T3245] cache 302202880
[  736.124103][ T3883] fuse: Unknown parameter 'roSÎ\<Ù"lü»î¯ç ø»—otmos`F’de'
[  736.148093][ T3245] rss 495616
[  736.165146][ T3245] rss_huge 0
[  736.170474][ T3245] shmem 302202880
[  736.175751][ T3245] mapped_file 0
[  736.179584][ T3245] dirty 0
[  736.182711][ T3245] writeback 0
[  736.187299][ T3245] workingset_refault_anon 485
[  736.209275][ T3245] workingset_refault_file 15
[  736.229649][ T3245] swap 127840256
[  736.233247][ T3245] swapcached 147456
[  736.237073][ T3245] pgpgin 415771
[  736.261143][ T3245] pgpgout 342863
[  736.273171][ T3245] pgfault 131551
[  736.279015][ T3245] pgmajfault 168
[  736.285701][ T3245] inactive_anon 256614400
[  736.290767][ T3245] active_anon 45891584
[  736.296168][ T3245] inactive_file 0
[  736.300478][ T3245] active_file 0
[  736.309674][ T3245] unevictable 0
[  736.313872][ T3245] hierarchical_memory_limit 314572800
[  736.319500][ T3245] hierarchical_memsw_limit 9223372036854771712
[  736.326131][ T3245] total_cache 302202880
[  736.331070][ T3245] total_rss 495616
[  736.334864][ T3245] total_rss_huge 0
[  736.338705][ T3245] total_shmem 302202880
[  736.343780][ T3245] total_mapped_file 0
[  736.347878][ T3245] total_dirty 0
[  736.361801][ T3245] total_writeback 0
[  736.368475][ T3245] total_workingset_refault_anon 485
[  736.376622][ T3245] total_workingset_refault_file 15
[  736.382103][ T3245] total_swap 127840256
[  736.386249][ T3245] total_swapcached 147456
[  736.390850][ T3245] total_pgpgin 415771
[  736.394873][ T3245] total_pgpgout 342863
[  736.398964][ T3245] total_pgfault 131551
[  736.405455][ T3245] total_pgmajfault 168
[  736.409548][ T3245] total_inactive_anon 256614400
[  736.414616][ T3245] total_active_anon 45891584
[  736.420891][ T3245] total_inactive_file 0
[  736.425133][ T3245] total_active_file 0
[  736.429181][ T3245] total_unevictable 0
[  736.433210][ T3245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3261,uid=0
[  736.448255][ T3245] Memory cgroup out of memory: Killed process 3261 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  736.597015][ T3280] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  736.615012][ T3280] CPU: 1 UID: 0 PID: 3280 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  736.615049][ T3280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  736.615063][ T3280] Call Trace:
[  736.615071][ T3280]  <TASK>
[  736.615078][ T3280]  __dump_stack+0x21/0x30
[  736.615110][ T3280]  dump_stack_lvl+0x10c/0x190
[  736.615142][ T3280]  ? __cfi_dump_stack_lvl+0x10/0x10
[  736.615171][ T3280]  ? ___ratelimit+0x3f7/0x5a0
[  736.615201][ T3280]  dump_stack+0x19/0x20
[  736.615228][ T3280]  dump_header+0xd7/0x490
[  736.615249][ T3280]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  736.615276][ T3280]  oom_kill_process+0x35d/0x640
[  736.615302][ T3280]  ? sched_clock_cpu+0x75/0x400
[  736.615330][ T3280]  out_of_memory+0x659/0xa80
[  736.615355][ T3280]  ? __cfi_out_of_memory+0x10/0x10
[  736.615381][ T3280]  ? mutex_lock_killable+0x92/0x1c0
[  736.615413][ T3280]  ? __cfi_mutex_lock_killable+0x10/0x10
[  736.615446][ T3280]  mem_cgroup_out_of_memory+0x279/0x350
[  736.615467][ T3280]  ? drain_obj_stock+0xed0/0xed0
[  736.615489][ T3280]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  736.615509][ T3280]  try_charge_memcg+0x8f7/0xde0
[  736.615538][ T3280]  ? __cfi_try_charge_memcg+0x10/0x10
[  736.615565][ T3280]  ? __alloc_pages_noprof+0x31f/0x7b0
[  736.615595][ T3280]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  736.615623][ T3280]  ? __folio_batch_add_and_move+0x2ab/0x370
[  736.615651][ T3280]  __mem_cgroup_charge+0xf6/0x410
[  736.615683][ T3280]  ? _raw_spin_lock+0x8c/0x120
[  736.615707][ T3280]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  736.615741][ T3280]  shmem_alloc_and_add_folio+0x86d/0x1050
[  736.615769][ T3280]  ? put_swap_device+0x130/0x130
[  736.615795][ T3280]  ? shmem_huge_global_enabled+0x2da/0x360
[  736.615819][ T3280]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  736.615843][ T3280]  ? __kasan_check_write+0x18/0x20
[  736.615875][ T3280]  ? _raw_spin_lock+0x8c/0x120
[  736.615900][ T3280]  shmem_get_folio_gfp+0x5f0/0x1380
[  736.615926][ T3280]  ? shmem_get_folio+0xc0/0xc0
[  736.615948][ T3280]  ? follow_page_pte+0xa5c/0xb90
[  736.615977][ T3280]  ? inode_to_bdi+0x6d/0x100
[  736.616007][ T3280]  shmem_write_begin+0xf4/0x270
[  736.616034][ T3280]  generic_perform_write+0x32d/0x960
[  736.616067][ T3280]  ? __cfi_generic_perform_write+0x10/0x10
[  736.616098][ T3280]  ? down_write+0xe9/0x2a0
[  736.616119][ T3280]  ? file_update_time+0xa3/0x220
[  736.616154][ T3280]  shmem_file_write_iter+0x105/0x130
[  736.616183][ T3280]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  736.616212][ T3280]  __kernel_write_iter+0x41d/0x8e0
[  736.616232][ T3280]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  736.616262][ T3280]  ? __cfi___kernel_write_iter+0x10/0x10
[  736.616281][ T3280]  ? get_dump_page+0x160/0x220
[  736.616309][ T3280]  ? __asan_memset+0x39/0x50
[  736.616340][ T3280]  ? iov_iter_bvec+0xc0/0x180
[  736.616368][ T3280]  dump_user_range+0xb06/0xdf0
[  736.616390][ T3280]  ? __cfi_dump_emit+0x10/0x10
[  736.616422][ T3280]  ? __cfi_dump_user_range+0x10/0x10
[  736.616443][ T3280]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  736.616475][ T3280]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  736.616508][ T3280]  elf_core_dump+0x2ccc/0x3800
[  736.616536][ T3280]  ? __cfi_elf_core_dump+0x10/0x10
[  736.616569][ T3280]  ? dump_interrupted+0xf0/0xf0
[  736.616599][ T3280]  ? filp_open+0x182/0x1d0
[  736.616626][ T3280]  ? 0xffffffffff600000
[  736.616642][ T3280]  ? freezing_slow_path+0x12b/0x170
[  736.616673][ T3280]  do_coredump+0x1bf7/0x2bd0
[  736.616708][ T3280]  ? __cfi_do_coredump+0x10/0x10
[  736.616738][ T3280]  ? asm_exc_page_fault+0x2b/0x30
[  736.616766][ T3280]  ? __kasan_slab_free+0x6a/0x80
[  736.616790][ T3280]  ? kmem_cache_free+0x1c1/0x510
[  736.616811][ T3280]  ? get_signal+0xa75/0x14f0
[  736.616839][ T3280]  get_signal+0x11fd/0x14f0
[  736.616869][ T3280]  arch_do_signal_or_restart+0x96/0x720
[  736.616904][ T3280]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  736.616940][ T3280]  irqentry_exit_to_user_mode+0x4e/0xb0
[  736.616963][ T3280]  irqentry_exit+0x16/0x60
[  736.616982][ T3280]  exc_page_fault+0x66/0xc0
[  736.617002][ T3280]  asm_exc_page_fault+0x2b/0x30
[  736.617021][ T3280] RIP: 0033:0x7fc9cfe4f987
[  736.617039][ T3280] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  736.617059][ T3280] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  736.617079][ T3280] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  736.617098][ T3280] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  736.617114][ T3280] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  736.617133][ T3280] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  736.617148][ T3280] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  736.617167][ T3280]  </TASK>
[  736.617240][ T3280] memory: usage 306928kB, limit 307200kB, failcnt 61408
[  736.997679][ T3931] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  737.010028][ T3280] memory+swap: usage 394720kB, limit 9007199254740988kB, failcnt 0
[  737.105788][ T3280] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  737.106176][ T3947] overlayfs: failed to clone upperpath
[  737.113069][ T3280] Memory cgroup stats for /syz1:
[  737.118653][ T3280] cache 279650304
[  737.128478][ T3280] rss 577536
[  737.131884][ T3280] rss_huge 0
[  737.137077][ T3280] shmem 279650304
[  737.141301][ T3280] mapped_file 0
[  737.146252][ T3280] dirty 0
[  737.149214][ T3280] writeback 0
[  737.153424][ T3280] workingset_refault_anon 520
[  737.158126][ T3280] workingset_refault_file 15
[  737.177934][ T3280] swap 123801600
[  737.181989][ T3280] swapcached 192512
[  737.185824][ T3280] pgpgin 418662
[  737.189342][ T3280] pgpgout 351229
[  737.193186][ T3280] pgfault 131645
[  737.196754][ T3280] pgmajfault 177
[  737.200552][ T3280] inactive_anon 261713920
[  737.204897][ T3280] active_anon 18677760
[  737.208972][ T3280] inactive_file 0
[  737.212958][ T3280] active_file 0
[  737.216437][ T3280] unevictable 0
[  737.220600][ T3280] hierarchical_memory_limit 314572800
[  737.226297][ T3280] hierarchical_memsw_limit 9223372036854771712
[  737.232884][ T3280] total_cache 279650304
[  737.237104][ T3280] total_rss 577536
[  737.243288][ T3280] total_rss_huge 0
[  737.247050][ T3280] total_shmem 279650304
[  737.251566][ T3280] total_mapped_file 0
[  737.255759][ T3280] total_dirty 0
[  737.259235][ T3280] total_writeback 0
[  737.263098][   T36] audit: type=1400 audit(2000005005.869:128016): avc:  denied  { accept } for  pid=3969 comm="syz.5.12086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  737.270855][ T3280] total_workingset_refault_anon 520
[  737.288902][ T3280] total_workingset_refault_file 15
[  737.292488][ T3972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=48684 sclass=netlink_route_socket pid=3972 comm=syz.2.12087
[  737.294079][ T3280] total_swap 123801600
[  737.310885][ T3280] total_swapcached 192512
[  737.315226][ T3280] total_pgpgin 418662
[  737.319214][ T3280] total_pgpgout 351229
[  737.323335][ T3280] total_pgfault 131645
[  737.327413][ T3280] total_pgmajfault 177
[  737.331522][ T3280] total_inactive_anon 261713920
[  737.336399][ T3280] total_active_anon 18677760
[  737.340348][ T3974] tipc: Started in network mode
[  737.341150][ T3280] total_inactive_file 0
[  737.346181][ T3974] tipc: Node identity b9, cluster identity 4711
[  737.350042][ T3280] total_active_file 0
[  737.350058][ T3280] total_unevictable 0
[  737.350069][ T3280] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  737.356651][ T3974] tipc: Node number set to 185
[  737.360425][ T3280] ,cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3291,uid=0
[  737.360501][ T3280] Memory cgroup out of memory: Killed process 3291 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  737.519559][   T36] audit: type=1400 audit(2000005006.119:128017): avc:  denied  { setattr } for  pid=3854 comm="syz.1.12043" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  737.650303][ T3283] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  737.680036][ T3283] CPU: 1 UID: 0 PID: 3283 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  737.680079][ T3283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  737.680094][ T3283] Call Trace:
[  737.680102][ T3283]  <TASK>
[  737.680111][ T3283]  __dump_stack+0x21/0x30
[  737.680144][ T3283]  dump_stack_lvl+0x10c/0x190
[  737.680171][ T3283]  ? __cfi_dump_stack_lvl+0x10/0x10
[  737.680198][ T3283]  ? ___ratelimit+0x3f7/0x5a0
[  737.680229][ T3283]  dump_stack+0x19/0x20
[  737.680256][ T3283]  dump_header+0xd7/0x490
[  737.680278][ T3283]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  737.680306][ T3283]  oom_kill_process+0x35d/0x640
[  737.680331][ T3283]  ? sched_clock_cpu+0x75/0x400
[  737.680360][ T3283]  out_of_memory+0x659/0xa80
[  737.680385][ T3283]  ? __cfi_out_of_memory+0x10/0x10
[  737.680409][ T3283]  ? mutex_lock_killable+0x92/0x1c0
[  737.680440][ T3283]  ? __cfi_mutex_lock_killable+0x10/0x10
[  737.680474][ T3283]  mem_cgroup_out_of_memory+0x279/0x350
[  737.680513][ T3283]  ? drain_obj_stock+0xed0/0xed0
[  737.680537][ T3283]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  737.680559][ T3283]  try_charge_memcg+0x8f7/0xde0
[  737.680592][ T3283]  ? __cfi_try_charge_memcg+0x10/0x10
[  737.680621][ T3283]  ? __alloc_pages_noprof+0x31f/0x7b0
[  737.680652][ T3283]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  737.680682][ T3283]  ? __folio_batch_add_and_move+0x2fe/0x370
[  737.680711][ T3283]  __mem_cgroup_charge+0xf6/0x410
[  737.680744][ T3283]  ? _raw_spin_lock+0x8c/0x120
[  737.680770][ T3283]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  737.680806][ T3283]  shmem_alloc_and_add_folio+0x86d/0x1050
[  737.680837][ T3283]  ? put_swap_device+0x130/0x130
[  737.680863][ T3283]  ? shmem_huge_global_enabled+0x2da/0x360
[  737.680889][ T3283]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  737.680914][ T3283]  ? __kasan_check_write+0x18/0x20
[  737.680947][ T3283]  ? _raw_spin_lock+0x8c/0x120
[  737.680972][ T3283]  shmem_get_folio_gfp+0x5f0/0x1380
[  737.681000][ T3283]  ? shmem_get_folio+0xc0/0xc0
[  737.681023][ T3283]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  737.681079][ T3283]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  737.681113][ T3283]  ? inode_to_bdi+0x6d/0x100
[  737.681161][ T3283]  shmem_write_begin+0xf4/0x270
[  737.681196][ T3283]  generic_perform_write+0x32d/0x960
[  737.681233][ T3283]  ? __cfi_generic_perform_write+0x10/0x10
[  737.681266][ T3283]  ? down_write+0xe9/0x2a0
[  737.681288][ T3283]  ? mnt_get_write_access_file+0x1af/0x3b0
[  737.681319][ T3283]  ? mnt_put_write_access_file+0xc2/0x100
[  737.681351][ T3283]  ? file_update_time+0x1ef/0x220
[  737.681382][ T3283]  shmem_file_write_iter+0x105/0x130
[  737.681413][ T3283]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  737.681445][ T3283]  __kernel_write_iter+0x41d/0x8e0
[  737.681466][ T3283]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  737.681498][ T3283]  ? __cfi___kernel_write_iter+0x10/0x10
[  737.681519][ T3283]  ? get_dump_page+0x160/0x220
[  737.681550][ T3283]  ? __asan_memset+0x39/0x50
[  737.681585][ T3283]  ? iov_iter_bvec+0xc0/0x180
[  737.681615][ T3283]  dump_user_range+0xb06/0xdf0
[  737.681638][ T3283]  ? __cfi_dump_emit+0x10/0x10
[  737.681672][ T3283]  ? __cfi_dump_user_range+0x10/0x10
[  737.681696][ T3283]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  737.681731][ T3283]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  737.681766][ T3283]  elf_core_dump+0x2ccc/0x3800
[  737.681796][ T3283]  ? __cfi_elf_core_dump+0x10/0x10
[  737.681832][ T3283]  ? dump_interrupted+0xf0/0xf0
[  737.681866][ T3283]  ? filp_open+0x182/0x1d0
[  737.681896][ T3283]  ? 0xffffffffff600000
[  737.681915][ T3283]  ? freezing_slow_path+0x12b/0x170
[  737.681949][ T3283]  do_coredump+0x1bf7/0x2bd0
[  737.681987][ T3283]  ? __cfi_do_coredump+0x10/0x10
[  737.682019][ T3283]  ? asm_exc_page_fault+0x2b/0x30
[  737.682056][ T3283]  ? __kasan_slab_free+0x6a/0x80
[  737.682082][ T3283]  ? kmem_cache_free+0x1c1/0x510
[  737.682105][ T3283]  ? get_signal+0xa75/0x14f0
[  737.682136][ T3283]  get_signal+0x11fd/0x14f0
[  737.682170][ T3283]  arch_do_signal_or_restart+0x96/0x720
[  737.682206][ T3283]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  737.682245][ T3283]  irqentry_exit_to_user_mode+0x4e/0xb0
[  737.682269][ T3283]  irqentry_exit+0x16/0x60
[  737.682290][ T3283]  exc_page_fault+0x66/0xc0
[  737.682311][ T3283]  asm_exc_page_fault+0x2b/0x30
[  737.682331][ T3283] RIP: 0033:0x7fc9cfe4f987
[  737.682351][ T3283] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  737.682372][ T3283] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  737.682396][ T3283] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  737.682414][ T3283] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  737.682431][ T3283] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  737.682447][ T3283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  737.682463][ T3283] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  737.682484][ T3283]  </TASK>
[  737.682494][ T3283] memory: usage 298592kB, limit 307200kB, failcnt 63094
[  737.959091][ T4001] netlink: 44 bytes leftover after parsing attributes in process `syz.9.12097'.
[  737.961231][ T3283] memory+swap: usage 396720kB, limit 9007199254740988kB, failcnt 0
[  737.965720][   T36] audit: type=1400 audit(2000005006.559:128018): avc:  denied  { accept } for  pid=4000 comm="syz.9.12097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  738.129880][ T4001] netlink: 59 bytes leftover after parsing attributes in process `syz.9.12097'.
[  738.200366][ T3283] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  738.225079][ T4001] netlink: 59 bytes leftover after parsing attributes in process `syz.9.12097'.
[  738.234698][ T4008] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  738.306716][ T3283] Memory cgroup stats for /syz1:
[  738.306879][ T3283] cache 287928320
[  738.335789][ T3283] rss 495616
[  738.340619][ T3283] rss_huge 0
[  738.343848][ T3283] shmem 287928320
[  738.357613][ T3283] mapped_file 0
[  738.367722][ T3283] dirty 0
[  738.377827][ T3283] writeback 0
[  738.387914][ T3283] workingset_refault_anon 582
[  738.398046][ T3283] workingset_refault_file 15
[  738.410246][ T3283] swap 127905792
[  738.413833][ T3283] swapcached 86016
[  738.417565][ T3283] pgpgin 432077
[  738.447218][ T3283] pgpgout 362670
[  738.453739][ T3283] pgfault 132400
[  738.460627][ T3283] pgmajfault 190
[  738.464266][ T3283] inactive_anon 210059264
[  738.468659][ T3283] active_anon 78032896
[  738.472761][ T3283] inactive_file 0
[  738.476446][ T3283] active_file 0
[  738.479944][ T3283] unevictable 0
[  738.483536][ T3283] hierarchical_memory_limit 314572800
[  738.491381][ T3283] hierarchical_memsw_limit 9223372036854771712
[  738.497605][ T3283] total_cache 287928320
[  738.501891][ T3283] total_rss 495616
[  738.505643][ T3283] total_rss_huge 0
[  738.509386][ T3283] total_shmem 287928320
[  738.513600][ T3283] total_mapped_file 0
[  738.517591][ T3283] total_dirty 0
[  738.521212][ T3283] total_writeback 0
[  738.525079][ T3283] total_workingset_refault_anon 582
[  738.530339][ T3283] total_workingset_refault_file 15
[  738.535480][ T3283] total_swap 127905792
[  738.539556][ T3283] total_swapcached 86016
[  738.543858][ T3283] total_pgpgin 432077
[  738.547843][ T3283] total_pgpgout 362670
[  738.551948][ T3283] total_pgfault 132400
[  738.556194][ T3283] total_pgmajfault 190
[  738.560349][ T3283] total_inactive_anon 210059264
[  738.565213][ T3283] total_active_anon 78032896
[  738.569846][ T3283] total_inactive_file 0
[  738.574257][ T3283] total_active_file 0
[  738.578418][ T3283] total_unevictable 0
[  738.582847][ T3283] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3287,uid=0
[  738.583071][ T4028] overlayfs: failed to clone upperpath
[  738.597847][ T3283] Memory cgroup out of memory: Killed process 3287 (syz.1.11840) total-vm:90292kB, anon-rss:1160kB, file-rss:58880kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  738.826581][ T3288] syz.1.11840 invoked oom-killer: gfp_mask=0x2100cca(GFP_HIGHUSER_MOVABLE|__GFP_CMA), order=0, oom_score_adj=1000
[  738.869490][ T3288] CPU: 0 UID: 0 PID: 3288 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  738.869529][ T3288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  738.869544][ T3288] Call Trace:
[  738.869552][ T3288]  <TASK>
[  738.869561][ T3288]  __dump_stack+0x21/0x30
[  738.869595][ T3288]  dump_stack_lvl+0x10c/0x190
[  738.869639][ T3288]  ? __cfi_dump_stack_lvl+0x10/0x10
[  738.869670][ T3288]  ? ___ratelimit+0x3f7/0x5a0
[  738.869703][ T3288]  dump_stack+0x19/0x20
[  738.869733][ T3288]  dump_header+0xd7/0x490
[  738.869757][ T3288]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  738.869787][ T3288]  oom_kill_process+0x35d/0x640
[  738.869815][ T3288]  ? sched_clock_cpu+0x75/0x400
[  738.869847][ T3288]  out_of_memory+0x659/0xa80
[  738.869875][ T3288]  ? __cfi_out_of_memory+0x10/0x10
[  738.869903][ T3288]  ? mutex_lock_killable+0x92/0x1c0
[  738.869937][ T3288]  ? __cfi_mutex_lock_killable+0x10/0x10
[  738.869973][ T3288]  mem_cgroup_out_of_memory+0x279/0x350
[  738.869996][ T3288]  ? drain_obj_stock+0xed0/0xed0
[  738.870016][ T3288]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  738.870037][ T3288]  try_charge_memcg+0x8f7/0xde0
[  738.870068][ T3288]  ? __cfi_try_charge_memcg+0x10/0x10
[  738.870096][ T3288]  ? xas_load+0x3a2/0x3d0
[  738.870125][ T3288]  mem_cgroup_swapin_charge_folio+0x1b3/0x3e0
[  738.870159][ T3288]  __read_swap_cache_async+0x34a/0x690
[  738.870183][ T3288]  ? cgroup_rstat_updated+0x132/0x7f0
[  738.870214][ T3288]  swap_cluster_readahead+0x43a/0x530
[  738.870236][ T3288]  ? xas_load+0x3a2/0x3d0
[  738.870261][ T3288]  ? __cfi_swap_cluster_readahead+0x10/0x10
[  738.870287][ T3288]  ? kernel_text_address+0xa9/0xe0
[  738.870317][ T3288]  swapin_readahead+0xf2/0x820
[  738.870342][ T3288]  ? __filemap_get_folio+0xa58/0xaa0
[  738.870373][ T3288]  ? __cfi_swapin_readahead+0x10/0x10
[  738.870396][ T3288]  ? stack_depot_save_flags+0x38/0x800
[  738.870422][ T3288]  ? get_swap_device+0x10f/0x290
[  738.870458][ T3288]  do_swap_page+0x43c/0x42f0
[  738.870481][ T3288]  ? post_alloc_hook+0x3b9/0x3f0
[  738.870508][ T3288]  ? get_page_from_freelist+0x48ce/0x4960
[  738.870536][ T3288]  ? __alloc_pages_noprof+0x31f/0x7b0
[  738.870584][ T3288]  ? __kasan_check_write+0x18/0x20
[  738.870626][ T3288]  ? __update_page_owner_handle+0x318/0x370
[  738.870655][ T3288]  ? __cfi_do_swap_page+0x10/0x10
[  738.870678][ T3288]  ? __set_page_owner+0x3bf/0x5d0
[  738.870706][ T3288]  ? __cfi_default_wake_function+0x10/0x10
[  738.870737][ T3288]  ? __pte_offset_map+0x1b0/0x230
[  738.870769][ T3288]  ? pte_offset_map_rw_nolock+0xba/0x110
[  738.870803][ T3288]  handle_mm_fault+0x1205/0x1b90
[  738.870828][ T3288]  ? __kasan_check_write+0x18/0x20
[  738.870864][ T3288]  ? __cfi_handle_mm_fault+0x10/0x10
[  738.870889][ T3288]  ? follow_page_pte+0x4a3/0xb90
[  738.870920][ T3288]  ? gup_must_unshare+0x1e0/0x1e0
[  738.870949][ T3288]  ? vma_is_secretmem+0x11/0x50
[  738.870980][ T3288]  __get_user_pages+0x1169/0x22d0
[  738.871010][ T3288]  ? __kasan_check_write+0x18/0x20
[  738.871048][ T3288]  ? populate_vma_page_range+0x230/0x230
[  738.871076][ T3288]  ? __alloc_pages_noprof+0x31f/0x7b0
[  738.871109][ T3288]  get_dump_page+0x107/0x220
[  738.871136][ T3288]  ? __cfi_get_dump_page+0x10/0x10
[  738.871165][ T3288]  ? __free_pages+0x6b/0x3b0
[  738.871194][ T3288]  dump_user_range+0x181/0xdf0
[  738.871217][ T3288]  ? __cfi_dump_emit+0x10/0x10
[  738.871251][ T3288]  ? __cfi_dump_user_range+0x10/0x10
[  738.871273][ T3288]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  738.871307][ T3288]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  738.871342][ T3288]  elf_core_dump+0x2ccc/0x3800
[  738.871371][ T3288]  ? __cfi_elf_core_dump+0x10/0x10
[  738.871405][ T3288]  ? dump_interrupted+0xf0/0xf0
[  738.871436][ T3288]  ? filp_open+0x182/0x1d0
[  738.871465][ T3288]  ? 0xffffffffff600000
[  738.871482][ T3288]  ? freezing_slow_path+0x12b/0x170
[  738.871515][ T3288]  do_coredump+0x1bf7/0x2bd0
[  738.871553][ T3288]  ? __cfi_do_coredump+0x10/0x10
[  738.871585][ T3288]  ? asm_exc_page_fault+0x2b/0x30
[  738.871640][ T3288]  ? __kasan_slab_free+0x6a/0x80
[  738.871665][ T3288]  ? kmem_cache_free+0x1c1/0x510
[  738.871687][ T3288]  ? get_signal+0xa75/0x14f0
[  738.871716][ T3288]  get_signal+0x11fd/0x14f0
[  738.871748][ T3288]  arch_do_signal_or_restart+0x96/0x720
[  738.871784][ T3288]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  738.871823][ T3288]  irqentry_exit_to_user_mode+0x4e/0xb0
[  738.871847][ T3288]  irqentry_exit+0x16/0x60
[  738.871874][ T3288]  exc_page_fault+0x66/0xc0
[  738.871895][ T3288]  asm_exc_page_fault+0x2b/0x30
[  738.871914][ T3288] RIP: 0033:0x7fc9cfe4f987
[  738.871933][ T3288] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  738.871954][ T3288] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  738.871975][ T3288] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  738.871992][ T3288] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  738.872009][ T3288] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  738.872026][ T3288] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  738.872041][ T3288] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  738.872062][ T3288]  </TASK>
[  738.943564][ T4049] netlink: 'syz.5.12115': attribute type 4 has an invalid length.
[  738.958842][ T3288] memory: usage 301984kB, limit 307200kB, failcnt 65186
[  739.393507][ T3288] memory+swap: usage 373028kB, limit 9007199254740988kB, failcnt 0
[  739.401588][ T3288] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  739.408481][ T3288] Memory cgroup stats for /syz1:
[  739.408608][ T3288] cache 261668864
[  739.417220][ T3288] rss 352256
[  739.420439][ T3288] rss_huge 0
[  739.423644][ T3288] shmem 261668864
[  739.427279][ T3288] mapped_file 0
[  739.430766][ T3288] dirty 0
[  739.433737][ T3288] writeback 0
[  739.437041][ T3288] workingset_refault_anon 582
[  739.441769][ T3288] workingset_refault_file 15
[  739.446367][ T3288] swap 119914496
[  739.449947][ T3288] swapcached 77824
[  739.453677][ T3288] pgpgin 438506
[  739.457129][ T3288] pgpgout 375547
[  739.460703][ T3288] pgfault 132745
[  739.464264][ T3288] pgmajfault 190
[  739.467815][ T3288] inactive_anon 85512192
[  739.472162][ T3288] active_anon 176553984
[  739.476330][ T3288] inactive_file 0
[  739.480007][ T3288] active_file 0
[  739.483538][ T3288] unevictable 0
[  739.487019][ T3288] hierarchical_memory_limit 314572800
[  739.492459][ T3288] hierarchical_memsw_limit 9223372036854771712
[  739.498814][ T3288] total_cache 261668864
[  739.503267][ T3288] total_rss 352256
[  739.507046][ T3288] total_rss_huge 0
[  739.510813][ T3288] total_shmem 261668864
[  739.514979][ T3288] total_mapped_file 0
[  739.519164][ T3288] total_dirty 0
[  739.522957][ T3288] total_writeback 0
[  739.526781][ T3288] total_workingset_refault_anon 582
[  739.532043][ T3288] total_workingset_refault_file 15
[  739.537170][ T3288] total_swap 119914496
[  739.541362][ T3288] total_swapcached 77824
[  739.545628][ T3288] total_pgpgin 438506
[  739.549674][ T3288] total_pgpgout 375547
[  739.553753][ T3288] total_pgfault 132745
[  739.557838][ T3288] total_pgmajfault 190
[  739.562153][ T3288] total_inactive_anon 85512192
[  739.567018][ T3288] total_active_anon 176553984
[  739.571758][ T3288] total_inactive_file 0
[  739.576127][ T3288] total_active_file 0
[  739.580418][ T3288] total_unevictable 0
[  739.584485][ T3288] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3280,uid=0
[  739.599729][ T3288] Memory cgroup out of memory: Killed process 3280 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  740.135564][   T36] audit: type=1400 audit(2000005008.739:128019): avc:  denied  { watch watch_reads } for  pid=4109 comm="syz.2.12136" path="/94/file1" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  740.242484][ T4126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12142'.
[  740.252057][ T4123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12139'.
[  740.289556][ T4131] tmpfs: Bad value for 'size'
[  740.309249][ T3286] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  740.366293][ T3286] CPU: 1 UID: 0 PID: 3286 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  740.366332][ T3286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  740.366347][ T3286] Call Trace:
[  740.366356][ T3286]  <TASK>
[  740.366366][ T3286]  __dump_stack+0x21/0x30
[  740.366403][ T3286]  dump_stack_lvl+0x10c/0x190
[  740.366433][ T3286]  ? __cfi_dump_stack_lvl+0x10/0x10
[  740.366464][ T3286]  ? ___ratelimit+0x3f7/0x5a0
[  740.366497][ T3286]  dump_stack+0x19/0x20
[  740.366526][ T3286]  dump_header+0xd7/0x490
[  740.366549][ T3286]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  740.366579][ T3286]  oom_kill_process+0x35d/0x640
[  740.366607][ T3286]  ? sched_clock_cpu+0x75/0x400
[  740.366639][ T3286]  out_of_memory+0x659/0xa80
[  740.366667][ T3286]  ? __cfi_out_of_memory+0x10/0x10
[  740.366694][ T3286]  ? mutex_lock_killable+0x92/0x1c0
[  740.366735][ T3286]  ? __cfi_mutex_lock_killable+0x10/0x10
[  740.366771][ T3286]  mem_cgroup_out_of_memory+0x279/0x350
[  740.366795][ T3286]  ? drain_obj_stock+0xed0/0xed0
[  740.366818][ T3286]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  740.366840][ T3286]  try_charge_memcg+0x8f7/0xde0
[  740.366870][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  740.366897][ T3286]  ? __cfi_try_charge_memcg+0x10/0x10
[  740.366928][ T3286]  ? __alloc_pages_noprof+0x31f/0x7b0
[  740.366961][ T3286]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  740.366992][ T3286]  ? __folio_batch_add_and_move+0x2ab/0x370
[  740.367022][ T3286]  __mem_cgroup_charge+0xf6/0x410
[  740.367066][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  740.367090][ T3286]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  740.367124][ T3286]  shmem_alloc_and_add_folio+0x86d/0x1050
[  740.367153][ T3286]  ? put_swap_device+0x130/0x130
[  740.367178][ T3286]  ? shmem_huge_global_enabled+0x2da/0x360
[  740.367203][ T3286]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  740.367226][ T3286]  ? __kasan_check_write+0x18/0x20
[  740.367258][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  740.367282][ T3286]  shmem_get_folio_gfp+0x5f0/0x1380
[  740.367308][ T3286]  ? shmem_get_folio+0xc0/0xc0
[  740.367329][ T3286]  ? follow_page_pte+0xa5c/0xb90
[  740.367358][ T3286]  ? inode_to_bdi+0x6d/0x100
[  740.367387][ T3286]  shmem_write_begin+0xf4/0x270
[  740.367414][ T3286]  generic_perform_write+0x32d/0x960
[  740.367448][ T3286]  ? __cfi_generic_perform_write+0x10/0x10
[  740.367478][ T3286]  ? down_write+0xe9/0x2a0
[  740.367498][ T3286]  ? file_update_time+0xa3/0x220
[  740.367527][ T3286]  shmem_file_write_iter+0x105/0x130
[  740.367555][ T3286]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  740.367584][ T3286]  __kernel_write_iter+0x41d/0x8e0
[  740.367604][ T3286]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  740.367633][ T3286]  ? __cfi___kernel_write_iter+0x10/0x10
[  740.367652][ T3286]  ? get_dump_page+0x160/0x220
[  740.367685][ T3286]  ? __asan_memset+0x39/0x50
[  740.367723][ T3286]  ? iov_iter_bvec+0xc0/0x180
[  740.367751][ T3286]  dump_user_range+0xb06/0xdf0
[  740.367772][ T3286]  ? __cfi_dump_emit+0x10/0x10
[  740.367804][ T3286]  ? __cfi_dump_user_range+0x10/0x10
[  740.367825][ T3286]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  740.367857][ T3286]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  740.367889][ T3286]  elf_core_dump+0x2ccc/0x3800
[  740.367918][ T3286]  ? __cfi_elf_core_dump+0x10/0x10
[  740.367950][ T3286]  ? dump_interrupted+0xf0/0xf0
[  740.367981][ T3286]  ? filp_open+0x182/0x1d0
[  740.368007][ T3286]  ? 0xffffffffff600000
[  740.368024][ T3286]  ? freezing_slow_path+0x12b/0x170
[  740.368054][ T3286]  do_coredump+0x1bf7/0x2bd0
[  740.368108][ T3286]  ? __cfi_do_coredump+0x10/0x10
[  740.368141][ T3286]  ? asm_exc_page_fault+0x2b/0x30
[  740.368174][ T3286]  ? __kasan_slab_free+0x6a/0x80
[  740.368200][ T3286]  ? kmem_cache_free+0x1c1/0x510
[  740.368222][ T3286]  ? get_signal+0xa75/0x14f0
[  740.368252][ T3286]  get_signal+0x11fd/0x14f0
[  740.368302][ T3286]  arch_do_signal_or_restart+0x96/0x720
[  740.368339][ T3286]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  740.368377][ T3286]  irqentry_exit_to_user_mode+0x4e/0xb0
[  740.368400][ T3286]  irqentry_exit+0x16/0x60
[  740.368420][ T3286]  exc_page_fault+0x66/0xc0
[  740.368439][ T3286]  asm_exc_page_fault+0x2b/0x30
[  740.368459][ T3286] RIP: 0033:0x7fc9cfe4f987
[  740.368477][ T3286] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  740.368498][ T3286] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  740.368522][ T3286] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  740.368539][ T3286] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  740.368556][ T3286] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  740.368573][ T3286] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  740.368589][ T3286] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  740.368611][ T3286]  </TASK>
[  740.368688][ T3286] memory: usage 307200kB, limit 307200kB, failcnt 67851
[  740.486434][ T4148] overlay: ./file1 is not a directory
[  740.491130][ T3286] memory+swap: usage 431804kB, limit 9007199254740988kB, failcnt 0
[  740.856242][ T3286] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  740.865006][ T3286] Memory cgroup stats for /syz1:
[  740.865162][ T3286] cache 313090048
[  740.874013][ T3286] rss 1114112
[  740.877400][ T3286] rss_huge 0
[  740.880666][ T3286] shmem 313090048
[  740.884490][ T3286] mapped_file 0
[  740.887990][ T3286] dirty 0
[  740.890975][ T3286] writeback 0
[  740.894263][ T3286] workingset_refault_anon 866
[  740.898942][ T3286] workingset_refault_file 15
[  740.903571][ T3286] swap 127594496
[  740.907124][ T3286] swapcached 397312
[  740.910943][ T3286] pgpgin 466818
[  740.914636][ T3286] pgpgout 391040
[  740.918361][ T3286] pgfault 134387
[  740.921990][ T3286] pgmajfault 264
[  740.925541][ T3286] inactive_anon 123916288
[  740.929910][ T3286] active_anon 190656512
[  740.934073][ T3286] inactive_file 0
[  740.937704][ T3286] active_file 0
[  740.941187][ T3286] unevictable 0
[  740.944656][ T3286] hierarchical_memory_limit 314572800
[  740.950061][ T3286] hierarchical_memsw_limit 9223372036854771712
[  740.956217][ T3286] total_cache 313090048
[  740.960390][ T3286] total_rss 1114112
[  740.964198][ T3286] total_rss_huge 0
[  740.967906][ T3286] total_shmem 313090048
[  740.972075][ T3286] total_mapped_file 0
[  740.976060][ T3286] total_dirty 0
[  740.979532][ T3286] total_writeback 0
[  740.983415][ T3286] total_workingset_refault_anon 866
[  740.988626][ T3286] total_workingset_refault_file 15
[  740.993754][ T3286] total_swap 127594496
[  740.997823][ T3286] total_swapcached 397312
[  741.002199][ T3286] total_pgpgin 466818
[  741.006185][ T3286] total_pgpgout 391040
[  741.010271][ T3286] total_pgfault 134387
[  741.014341][ T3286] total_pgmajfault 264
[  741.018403][ T3286] total_inactive_anon 123916288
[  741.023281][ T3286] total_active_anon 190656512
[  741.027963][ T3286] total_inactive_file 0
[  741.032131][ T3286] total_active_file 0
[  741.036115][ T3286] total_unevictable 0
[  741.040125][ T3286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3288,uid=0
[  741.055080][ T3286] Memory cgroup out of memory: Killed process 3288 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  741.219603][ T4161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12153'.
[  741.249664][ T4161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12153'.
[  741.291655][ T3286] syz.1.11840 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  741.341184][ T3286] CPU: 0 UID: 0 PID: 3286 Comm: syz.1.11840 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  741.341224][ T3286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  741.341238][ T3286] Call Trace:
[  741.341246][ T3286]  <TASK>
[  741.341256][ T3286]  __dump_stack+0x21/0x30
[  741.341292][ T3286]  dump_stack_lvl+0x10c/0x190
[  741.341322][ T3286]  ? __cfi_dump_stack_lvl+0x10/0x10
[  741.341352][ T3286]  ? ___ratelimit+0x3f7/0x5a0
[  741.341383][ T3286]  dump_stack+0x19/0x20
[  741.341420][ T3286]  dump_header+0xd7/0x490
[  741.341443][ T3286]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  741.341473][ T3286]  oom_kill_process+0x35d/0x640
[  741.341501][ T3286]  ? sched_clock_cpu+0x75/0x400
[  741.341533][ T3286]  out_of_memory+0x659/0xa80
[  741.341561][ T3286]  ? __cfi_out_of_memory+0x10/0x10
[  741.341587][ T3286]  ? mutex_lock_killable+0x92/0x1c0
[  741.341620][ T3286]  ? __cfi_mutex_lock_killable+0x10/0x10
[  741.341655][ T3286]  mem_cgroup_out_of_memory+0x279/0x350
[  741.341678][ T3286]  ? drain_obj_stock+0xed0/0xed0
[  741.341701][ T3286]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  741.341724][ T3286]  try_charge_memcg+0x8f7/0xde0
[  741.341754][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  741.341780][ T3286]  ? __cfi_try_charge_memcg+0x10/0x10
[  741.341810][ T3286]  ? __alloc_pages_noprof+0x31f/0x7b0
[  741.341842][ T3286]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  741.341872][ T3286]  ? __folio_batch_add_and_move+0x2ab/0x370
[  741.341903][ T3286]  __mem_cgroup_charge+0xf6/0x410
[  741.341936][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  741.341961][ T3286]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  741.341996][ T3286]  shmem_alloc_and_add_folio+0x86d/0x1050
[  741.342027][ T3286]  ? put_swap_device+0x130/0x130
[  741.342054][ T3286]  ? shmem_huge_global_enabled+0x2da/0x360
[  741.342080][ T3286]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  741.342105][ T3286]  ? __kasan_check_write+0x18/0x20
[  741.342139][ T3286]  ? _raw_spin_lock+0x8c/0x120
[  741.342166][ T3286]  shmem_get_folio_gfp+0x5f0/0x1380
[  741.342194][ T3286]  ? shmem_get_folio+0xc0/0xc0
[  741.342216][ T3286]  ? follow_page_pte+0xa5c/0xb90
[  741.342246][ T3286]  ? inode_to_bdi+0x6d/0x100
[  741.342278][ T3286]  shmem_write_begin+0xf4/0x270
[  741.342306][ T3286]  generic_perform_write+0x32d/0x960
[  741.342342][ T3286]  ? __cfi_generic_perform_write+0x10/0x10
[  741.342374][ T3286]  ? down_write+0xe9/0x2a0
[  741.342438][ T3286]  ? file_update_time+0xa3/0x220
[  741.342469][ T3286]  shmem_file_write_iter+0x105/0x130
[  741.342501][ T3286]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  741.342532][ T3286]  __kernel_write_iter+0x41d/0x8e0
[  741.342554][ T3286]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  741.342585][ T3286]  ? __cfi___kernel_write_iter+0x10/0x10
[  741.342606][ T3286]  ? get_dump_page+0x160/0x220
[  741.342636][ T3286]  ? __asan_memset+0x39/0x50
[  741.342670][ T3286]  ? iov_iter_bvec+0xc0/0x180
[  741.342700][ T3286]  dump_user_range+0xb06/0xdf0
[  741.342723][ T3286]  ? __cfi_dump_emit+0x10/0x10
[  741.342757][ T3286]  ? __cfi_dump_user_range+0x10/0x10
[  741.342779][ T3286]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  741.342814][ T3286]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  741.342849][ T3286]  elf_core_dump+0x2ccc/0x3800
[  741.342881][ T3286]  ? __cfi_elf_core_dump+0x10/0x10
[  741.342916][ T3286]  ? dump_interrupted+0xf0/0xf0
[  741.342950][ T3286]  ? filp_open+0x182/0x1d0
[  741.342980][ T3286]  ? 0xffffffffff600000
[  741.342997][ T3286]  ? freezing_slow_path+0x12b/0x170
[  741.343031][ T3286]  do_coredump+0x1bf7/0x2bd0
[  741.343069][ T3286]  ? __cfi_do_coredump+0x10/0x10
[  741.343102][ T3286]  ? asm_exc_page_fault+0x2b/0x30
[  741.343131][ T3286]  ? __kasan_slab_free+0x6a/0x80
[  741.343155][ T3286]  ? kmem_cache_free+0x1c1/0x510
[  741.343176][ T3286]  ? get_signal+0xa75/0x14f0
[  741.343205][ T3286]  get_signal+0x11fd/0x14f0
[  741.343236][ T3286]  arch_do_signal_or_restart+0x96/0x720
[  741.343272][ T3286]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  741.343310][ T3286]  irqentry_exit_to_user_mode+0x4e/0xb0
[  741.343334][ T3286]  irqentry_exit+0x16/0x60
[  741.343355][ T3286]  exc_page_fault+0x66/0xc0
[  741.343376][ T3286]  asm_exc_page_fault+0x2b/0x30
[  741.343397][ T3286] RIP: 0033:0x7fc9cfe4f987
[  741.343423][ T3286] Code: 88 15 72 5d ec 00 88 05 6f 5d ec 00 c3 50 48 8d 35 19 26 1c 00 48 8d 3d 1f 26 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  741.343444][ T3286] RSP: 002b:00007fc9ce9d8120 EFLAGS: 00010202
[  741.343466][ T3286] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fc9cff8eec9
[  741.343482][ T3286] RDX: 00007fc9ce9d8140 RSI: 00007fc9ce9d8270 RDI: 000000000000000b
[  741.343500][ T3286] RBP: 00007fc9d0011f91 R08: 0000000000000000 R09: 0000000000000000
[  741.343516][ T3286] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  741.343531][ T3286] R13: 00007fc9d01e6128 R14: 00007fc9d01e6090 R15: 00007ffc773022c8
[  741.343553][ T3286]  </TASK>
[  741.343562][ T3286] memory: usage 307200kB, limit 307200kB, failcnt 70164
[  741.819962][ T3286] memory+swap: usage 408832kB, limit 9007199254740988kB, failcnt 0
[  741.827881][ T3286] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  741.834782][ T3286] Memory cgroup stats for /syz1:
[  741.834930][ T3286] cache 303640576
[  741.843551][ T3286] rss 933888
[  741.846771][ T3286] rss_huge 0
[  741.850027][ T3286] shmem 303640576
[  741.853667][ T3286] mapped_file 0
[  741.857131][ T3286] dirty 0
[  741.860586][ T3286] writeback 12288
[  741.864242][ T3286] workingset_refault_anon 887
[  741.868925][ T3286] workingset_refault_file 15
[  741.873565][ T3286] swap 110657536
[  741.877135][ T3286] swapcached 380928
[  741.889662][ T3286] pgpgin 476006
[  741.893148][ T3286] pgpgout 402572
[  741.896704][ T3286] pgfault 134537
[  741.909669][ T3286] pgmajfault 285
[  741.913247][ T3286] inactive_anon 32301056
[  741.917497][ T3286] active_anon 272535552
[  741.929632][ T3286] inactive_file 0
[  741.933300][ T3286] active_file 0
[  741.936769][ T3286] unevictable 0
[  741.949631][ T3286] hierarchical_memory_limit 314572800
[  741.955022][ T3286] hierarchical_memsw_limit 9223372036854771712
[  741.979635][ T3286] total_cache 303640576
[  741.983918][ T3286] total_rss 933888
[  741.987643][ T3286] total_rss_huge 0
[  741.999642][ T3286] total_shmem 303640576
[  742.003921][ T3286] total_mapped_file 0
[  742.007911][ T3286] total_dirty 0
[  742.019693][ T3286] total_writeback 12288
[  742.023891][ T3286] total_workingset_refault_anon 887
[  742.029093][ T3286] total_workingset_refault_file 15
[  742.049641][ T3286] total_swap 110657536
[  742.059689][ T3286] total_swapcached 380928
[  742.064134][ T3286] total_pgpgin 476006
[  742.068125][ T3286] total_pgpgout 402572
[  742.090088][ T3286] total_pgfault 134537
[  742.094287][ T3286] total_pgmajfault 285
[  742.098365][ T3286] total_inactive_anon 32301056
[  742.119634][ T3286] total_active_anon 272535552
[  742.124357][ T3286] total_inactive_file 0
[  742.128521][ T3286] total_active_file 0
[  742.132759][ T3286] total_unevictable 0
[  742.136932][ T3286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.11840,pid=3286,uid=0
[  742.153881][ T3286] Memory cgroup out of memory: Killed process 3286 (syz.1.11840) total-vm:90292kB, anon-rss:1288kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  742.229661][ T4183] netlink: 36 bytes leftover after parsing attributes in process `syz.5.12162'.
[  742.366809][ T4196] overlayfs: failed to clone upperpath
[  742.476385][ T4207] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  742.479229][   T36] audit: type=1400 audit(2000005011.079:128020): avc:  denied  { setattr } for  pid=4206 comm="syz.1.12172" path="/dev/binderfs/binder1" dev="binder" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  742.479341][ T4207] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  743.075685][ T4253] sit0: entered promiscuous mode
[  743.099316][ T4253] netlink: 'syz.2.12182': attribute type 1 has an invalid length.
[  743.117719][ T4253] netlink: 1 bytes leftover after parsing attributes in process `syz.2.12182'.
[  743.135079][ T4255] veth1: entered allmulticast mode
[  743.158832][ T4260] overlayfs: failed to clone lowerpath
[  743.519804][  T337] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  743.669647][  T337] usb 2-1: Using ep0 maxpacket: 32
[  743.677052][  T337] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  743.690067][  T337] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  743.703135][  T337] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  743.719885][  T337] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  743.729866][  T337] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  743.739828][  T337] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  743.753549][  T337] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  743.764962][  T337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.777229][  T337] usb 2-1: config 0 descriptor??
[  743.840707][ T4281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12192'.
[  743.937550][ T4291] overlayfs: failed to clone upperpath
[  743.966098][ T4254] veth1: left allmulticast mode
[  743.989382][  T337] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  744.005188][  T337] usb 2-1: USB disconnect, device number 15
[  744.012720][  T337] usblp0: removed
[  744.040876][ T4304] overlayfs: failed to clone upperpath
[  744.429665][T20109] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  744.498821][ T4309] overlayfs: failed to clone lowerpath
[  744.525688][ T4313] overlayfs: failed to clone lowerpath
[  744.579660][T20109] usb 2-1: Using ep0 maxpacket: 32
[  744.585958][T20109] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  744.594383][T20109] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  744.603148][T20109] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  744.612143][T20109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  744.621817][T20109] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  744.631578][T20109] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  744.644594][T20109] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  744.653661][T20109] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.662237][T20109] usb 2-1: config 0 descriptor??
[  744.868890][T20109] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  745.069640][   T36] audit: type=1400 audit(2000005013.669:128021): avc:  denied  { read write } for  pid=4270 comm="syz.1.12188" name="lp0" dev="devtmpfs" ino=1124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  745.075320][   T45] usb 2-1: USB disconnect, device number 16
[  745.093972][   T36] audit: type=1400 audit(2000005013.679:128022): avc:  denied  { open } for  pid=4270 comm="syz.1.12188" path="/dev/usb/lp0" dev="devtmpfs" ino=1124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  745.103610][   T45] usblp0: removed
[  745.668040][ T4332] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  745.668507][ T4332] rust_binder: got new transaction with bad transaction stack
[  745.675047][ T4332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:310
[  745.682804][ T4332] rust_binder: 310: no such ref 2
[  745.696980][ T4332] rust_binder: 310: no such ref 3
[  745.969225][   T36] audit: type=1400 audit(2000005014.569:128023): avc:  denied  { setattr } for  pid=4338 comm="syz.1.12216" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  746.110322][ T4341] overlayfs: failed to clone upperpath
[  746.148434][ T4347] netlink: 'syz.2.12220': attribute type 4 has an invalid length.
[  746.158523][ T4347] fuse: Unknown parameter 'ϵ'
[  746.212851][ T4358] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  746.551285][ T4370] 9pnet_fd: Insufficient options for proto=fd
[  746.703324][ T4372] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  746.734637][ T4379] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  746.741463][ T4378] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true
[  746.747907][ T4378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  746.756149][ T4378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:328
[  747.071300][ T4410] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  747.089215][ T4410] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  747.100884][ T4410] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  747.207871][ T4416] fuse: Bad value for 'fd'
[  747.224083][ T4421] overlay: filesystem on ./bus is read-only
[  747.493488][ T4451] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  747.493663][ T4451] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:340
[  747.500916][ T4451] cgroup: Invalid name
[  747.565005][ T4456] rust_binder: 340: no such ref 3
[  747.570155][ T4456] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:340
[  747.871980][ T4484] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  748.192520][ T4511] fuse: Bad value for 'fd'
[  748.392942][ T1121] rust_binder: 4534: removing orphan mapping 0:24
[  748.585093][ T4567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12300'.
[  749.656357][ T4621] SELinux: security_context_str_to_sid (ûÿÿÿÿÿÿÿ©) failed with errno=-22
[  749.664885][ T4622] SELinux: security_context_str_to_sid (ûÿÿÿÿÿÿÿ©) failed with errno=-22
[  749.681757][ T4624] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  749.700999][ T4628] /dev/loop0: Can't lookup blockdev
[  749.717789][ T4624] rust_binder: Read failure Err(EAGAIN) in pid:372
[  750.014014][ T4665] netlink: 4428 bytes leftover after parsing attributes in process `syz.2.12335'.
[  750.054172][ T4674] netlink: 'syz.2.12337': attribute type 11 has an invalid length.
[  750.155840][ T4677] overlayfs: failed to clone lowerpath
[  750.162630][   T36] audit: type=1326 audit(2000005018.769:128024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4676 comm="syz.2.12338" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc53698eec9 code=0x0
[  750.304488][ T4697] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  750.463278][ T4709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12351'.
[  750.472361][ T4709] bridge_slave_1: left allmulticast mode
[  750.478238][ T4709] bridge_slave_1: left promiscuous mode
[  750.484216][ T4709] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.492351][ T4709] bridge_slave_0: left allmulticast mode
[  750.498152][ T4709] bridge_slave_0: left promiscuous mode
[  750.503887][ T4709] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.572589][ T4710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12351'.
[  750.659488][ T4743] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12360'.
[  750.869686][  T905] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  751.019678][  T905] usb 2-1: Using ep0 maxpacket: 32
[  751.026941][  T905] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  751.035495][  T905] usb 2-1: config 0 has no interface number 0
[  751.041696][  T905] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  751.052678][  T905] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  751.062649][  T905] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  751.071745][  T905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.080342][  T905] usb 2-1: config 0 descriptor??
[  751.234419][ T4759] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12366'.
[  751.566293][ T4770] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  751.693967][  T905] uclogic 0003:28BD:0094.0027: failed retrieving string descriptor #100: -71
[  751.703853][  T905] uclogic 0003:28BD:0094.0027: failed retrieving pen parameters: -71
[  751.712042][  T905] uclogic 0003:28BD:0094.0027: pen probing failed: -71
[  751.718912][  T905] uclogic 0003:28BD:0094.0027: failed probing parameters: -71
[  751.726445][  T905] uclogic 0003:28BD:0094.0027: probe with driver uclogic failed with error -71
[  751.736662][  T905] usb 2-1: USB disconnect, device number 17
[  752.133530][ T4842] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12394'.
[  752.171574][ T4850] overlayfs: failed to clone upperpath
[  752.301969][ T4871] fuseblk: Unknown parameter 'max_®ead'
[  752.449675][ T1121] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  752.599676][ T1121] usb 2-1: Using ep0 maxpacket: 8
[  752.605999][ T1121] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  752.614339][ T1121] usb 2-1: config 0 has no interface number 0
[  752.621253][   T36] audit: type=1400 audit(2000005128.232:128025): avc:  denied  { accept } for  pid=4880 comm="syz.2.12407" path="socket:[137488]" dev="sockfs" ino=137488 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  752.622545][ T1121] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  752.654347][ T1121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  752.667640][ T1121] usb 2-1: Product: syz
[  752.677471][ T1121] usb 2-1: Manufacturer: syz
[  752.682160][ T1121] usb 2-1: SerialNumber: syz
[  752.692821][ T1121] usb 2-1: config 0 descriptor??
[  752.841076][ T4904] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12416'.
[  753.188911][ T4925] netlink: 'syz.9.12422': attribute type 16 has an invalid length.
[  753.197025][ T4926] netlink: 'syz.9.12422': attribute type 16 has an invalid length.
[  753.205067][ T4925] netlink: 'syz.9.12422': attribute type 3 has an invalid length.
[  753.213298][ T4926] netlink: 'syz.9.12422': attribute type 3 has an invalid length.
[  753.221382][ T4925] netlink: 'syz.9.12422': attribute type 1 has an invalid length.
[  753.229272][ T4926] netlink: 'syz.9.12422': attribute type 1 has an invalid length.
[  753.237571][ T4925] netlink: 64030 bytes leftover after parsing attributes in process `syz.9.12422'.
[  753.247094][ T4926] netlink: 64030 bytes leftover after parsing attributes in process `syz.9.12422'.
[  753.443267][ T4933] /dev/rnullb0: Can't open blockdev
[  753.643402][ T4946] overlayfs: failed to resolve './bus': -2
[  754.520439][ T4989] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[  754.532120][ T4989] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  754.537585][   T36] audit: type=1400 audit(2000005130.142:128026): avc:  denied  { mounton } for  pid=4984 comm="syz.1.12445" path="/121/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  754.570699][ T4991] overlayfs: failed to clone upperpath
[  754.591956][ T4998] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  754.627546][ T4997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=4997 comm=syz.1.12448
[  754.640385][ T4997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59 sclass=netlink_route_socket pid=4997 comm=syz.1.12448
[  754.660419][ T4998] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  754.668334][ T5010] overlay: Unknown parameter 'posixacl'
[  754.674715][ T4997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=4997 comm=syz.1.12448
[  754.683825][ T4998] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  754.696369][ T4997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12448'.
[  754.701356][ T4998] overlayfs: failed to set xattr on upper
[  754.714902][ T4998] overlayfs: ...falling back to redirect_dir=nofollow.
[  754.723462][ T4998] overlayfs: ...falling back to uuid=null.
[  754.867135][ T5034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  754.869511][ T5033] SELinux: security_context_str_to_sid (sytem_uÝGй‰:ÿß) failed with errno=-22
[  754.876583][ T5034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  754.988487][ T5042] overlayfs: missing 'lowerdir'
[  755.175563][ T5045] overlay: filesystem on ./file0 not supported as upperdir
[  755.401960][ T5068] overlayfs: failed to clone upperpath
[  755.418779][ T5071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5071 comm=syz.9.12477
[  755.607513][ T5101] overlayfs: failed to resolve './file1': -2
[  756.492618][ T5169] overlayfs: failed to clone upperpath
[  756.641588][ T5191] netlink: 'syz.2.12517': attribute type 1 has an invalid length.
[  756.649698][ T5191] netlink: 'syz.2.12517': attribute type 2 has an invalid length.
[  756.848780][ T5207] netlink: 'syz.2.12522': attribute type 2 has an invalid length.
[  757.061609][ T5249] netlink: 'syz.9.12538': attribute type 11 has an invalid length.
[  757.070483][ T5249] overlayfs: failed to clone upperpath
[  757.392060][ T5291] netlink: 16 bytes leftover after parsing attributes in process `syz.5.12555'.
[  757.401198][ T5291] netlink: 17 bytes leftover after parsing attributes in process `syz.5.12555'.
[  757.410325][ T5291] tipc: Invalid UDP bearer configuration
[  757.410349][ T5291] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  757.544128][ T5303] configfs: Unknown parameter 'dax'
[  757.563681][ T5306] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12560'.
[  757.627965][   T36] audit: type=1326 audit(2000005133.232:128027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5315 comm="syz.2.12564" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc53698eec9 code=0x0
[  757.701284][ T1121] usb 2-1: Found UVC 0.04 device syz (046d:08c3)
[  757.707725][ T1121] usb 2-1: No streaming interface found for terminal 6.
[  757.714892][ T1121] usb 2-1: Failed to create links for entity 5
[  757.721112][ T1121] usb 2-1: Failed to register entities (-22).
[  757.779572][ T5320] overlayfs: failed to resolve './file1': -2
[  757.851152][ T5337] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  758.452577][ T5355] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12576'.
[  759.243292][ T5425] netlink: 5308 bytes leftover after parsing attributes in process `syz.1.12600'.
[  759.253250][   T36] audit: type=1326 audit(2000005134.862:128028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.276735][   T36] audit: type=1326 audit(2000005134.862:128029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.300365][   T36] audit: type=1326 audit(2000005134.862:128030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.324014][   T36] audit: type=1326 audit(2000005134.862:128031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.347453][   T36] audit: type=1326 audit(2000005134.862:128032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.370878][   T36] audit: type=1326 audit(2000005134.862:128033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.394313][   T36] audit: type=1326 audit(2000005134.862:128034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.418049][   T36] audit: type=1326 audit(2000005134.862:128035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.441479][   T36] audit: type=1326 audit(2000005134.862:128036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5424 comm="syz.1.12600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9cff8eec9 code=0x50000
[  759.614178][ T5445] netlink: 'syz.9.12607': attribute type 4 has an invalid length.
[  759.622292][ T5445] netlink: 3657 bytes leftover after parsing attributes in process `syz.9.12607'.
[  759.646686][ T5452] overlayfs: failed to clone lowerpath
[  760.131753][ T5466] overlayfs: failed to clone upperpath
[  760.147511][ T5470] netlink: 80 bytes leftover after parsing attributes in process `syz.1.12616'.
[  760.192394][ T5480] overlayfs: failed to clone lowerpath
[  760.238086][ T5494] overlayfs: failed to clone lowerpath
[  760.540425][ T5504] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12628'.
[  760.876499][ T5518] overlayfs: failed to clone upperpath
[  761.418769][ T5539] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.426168][ T5539] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.433341][ T5539] bridge_slave_0: entered allmulticast mode
[  761.439861][ T5539] bridge_slave_0: entered promiscuous mode
[  761.446994][ T5539] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.454126][ T5539] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.461384][ T5539] bridge_slave_1: entered allmulticast mode
[  761.467841][ T5539] bridge_slave_1: entered promiscuous mode
[  761.477801][   T46] bridge_slave_1: left allmulticast mode
[  761.483509][   T46] bridge_slave_1: left promiscuous mode
[  761.489384][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.497038][   T46] bridge_slave_0: left allmulticast mode
[  761.502845][   T46] bridge_slave_0: left promiscuous mode
[  761.508473][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.583589][ T5548] loop4: detected capacity change from 0 to 262204
[  761.639686][   T46] tipc: Left network mode
[  761.659306][   T46] veth1_macvtap: left promiscuous mode
[  761.673407][   T46] veth0_vlan: left promiscuous mode
[  761.766733][ T5539] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.773844][ T5539] bridge0: port 2(bridge_slave_1) entered forwarding state
[  761.781164][ T5539] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.788247][ T5539] bridge0: port 1(bridge_slave_0) entered forwarding state
[  761.813998][T12207] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.821415][T12207] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.832101][  T606] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.839150][  T606] bridge0: port 1(bridge_slave_0) entered forwarding state
[  761.848727][T12207] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.855779][T12207] bridge0: port 2(bridge_slave_1) entered forwarding state
[  761.902581][ T5539] veth0_vlan: entered promiscuous mode
[  761.915955][ T5539] veth1_macvtap: entered promiscuous mode
[  762.190652][   T46] veth1_macvtap: left promiscuous mode
[  762.196227][   T46] veth0_vlan: left promiscuous mode
[  762.255462][ T5594] overlayfs: failed to resolve 'éq‰Y’3aK': -2
[  762.274736][ T5589] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.289713][ T5589] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.296824][ T5589] bridge_slave_0: entered allmulticast mode
[  762.303333][ T5589] bridge_slave_0: entered promiscuous mode
[  762.309925][ T5589] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.317112][ T5589] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.324467][ T5589] bridge_slave_1: entered allmulticast mode
[  762.330850][ T5589] bridge_slave_1: entered promiscuous mode
[  762.388317][ T5589] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.395409][ T5589] bridge0: port 2(bridge_slave_1) entered forwarding state
[  762.402722][ T5589] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.409797][ T5589] bridge0: port 1(bridge_slave_0) entered forwarding state
[  762.426844][T12207] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.438714][T12207] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.458375][  T606] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.465476][  T606] bridge0: port 1(bridge_slave_0) entered forwarding state
[  762.475039][T12207] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.482211][T12207] bridge0: port 2(bridge_slave_1) entered forwarding state
[  762.507528][ T5589] veth0_vlan: entered promiscuous mode
[  762.518599][ T5589] veth1_macvtap: entered promiscuous mode
[  762.565190][ T5619] tipc: Started in network mode
[  762.570192][ T5619] tipc: Node identity d2d8d8ff221b, cluster identity 4711
[  762.577475][ T5619] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  762.585065][ T5618] tipc: Disabling bearer <eth:syzkaller0>
[  762.679684][  T905] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  762.702815][ T5621] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  762.702848][ T5621] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:8
[  762.728965][ T5623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  762.746091][ T5623] tipc: Disabling bearer <eth:syzkaller0>
[  762.830142][ T5629] rust_binder: Error while translating object.
[  762.830176][ T5629] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  762.836392][ T5629] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14
[  762.847033][  T905] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  762.878156][  T905] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  762.895653][  T905] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  762.918227][  T905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  762.926833][  T905] usb 5-1: SerialNumber: syz
[  762.958453][ T5654] 9pnet_virtio: no channels available for device ./file0
[  762.990456][ T5658] binder: Unknown parameter 'dc
ä¢zxæ'
[  763.158847][ T5695] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=5695 comm=syz.9.12693
[  763.272038][ T5711] netlink: 'syz.2.12698': attribute type 1 has an invalid length.
[  763.400837][ T5716] netlink: 'syz.9.12699': attribute type 13 has an invalid length.
[  763.485839][ T5720] SELinux: failed to load policy
[  763.685309][  T905] usb 5-1: 0:2 : does not exist
[  763.701680][  T905] usb 5-1: USB disconnect, device number 60
[  763.786981][   T36] kauditd_printk_skb: 61 callbacks suppressed
[  763.787001][   T36] audit: type=1400 audit(2000000000.810:128098): avc:  denied  { setattr } for  pid=5739 comm="syz.4.12707" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  763.892376][   T36] audit: type=1400 audit(2000000000.920:128099): avc:  denied  { map } for  pid=5747 comm="syz.4.12708" path="socket:[139976]" dev="sockfs" ino=139976 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  763.916946][   T36] audit: type=1400 audit(2000000000.920:128100): avc:  denied  { read } for  pid=5747 comm="syz.4.12708" path="socket:[139976]" dev="sockfs" ino=139976 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  763.944309][   T36] audit: type=1400 audit(2000000000.970:128101): avc:  granted  { setsecparam } for  pid=5747 comm="syz.4.12708" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  764.372180][ T5754] netlink: 'syz.9.12711': attribute type 29 has an invalid length.
[  764.380236][ T5754] netlink: 8 bytes leftover after parsing attributes in process `syz.9.12711'.
[  764.582972][ T5765] tmpfs: Unknown parameter 'grpquota_block_hardlimit'
[  764.805321][ T5779] netlink: 'syz.4.12720': attribute type 13 has an invalid length.
[  764.918043][ T5781] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:35
[  765.428475][ T5810] netlink: 84 bytes leftover after parsing attributes in process `syz.7.12732'.
[  765.471786][ T5815] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  765.485931][ T5815] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  765.500495][ T5815] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  765.507518][ T5815] overlayfs: failed to set xattr on upper
[  765.513396][ T5815] overlayfs: ...falling back to redirect_dir=nofollow.
[  765.520392][ T5815] overlayfs: ...falling back to uuid=null.
[  765.659461][ T5832] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12740'.
[  765.671014][ T5832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.679914][ T5832] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  765.909699][   T64] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  765.993515][ T5845] netlink: 252 bytes leftover after parsing attributes in process `syz.2.12745'.
[  766.058341][ T5858] netlink: 'syz.9.12751': attribute type 1 has an invalid length.
[  766.067401][   T64] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  766.075608][   T64] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  766.093865][   T64] usb 5-1: config 0 interface 0 has no altsetting 0
[  766.102374][   T64] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  766.111823][   T64] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  766.120189][   T64] usb 5-1: Product: syz
[  766.124563][   T64] usb 5-1: Manufacturer: syz
[  766.129212][   T64] usb 5-1: SerialNumber: syz
[  766.138474][   T64] usb 5-1: config 0 descriptor??
[  766.150806][   T64] hub 5-1:0.0: bad descriptor, ignoring hub
[  766.156943][   T64] hub 5-1:0.0: probe with driver hub failed with error -5
[  766.164918][   T64] usb 5-1: selecting invalid altsetting 0
[  766.379803][ T5832] SELinux: failed to load policy
[  766.489755][   T64] usb 5-1: USB disconnect, device number 61
[  766.806035][ T5924] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12776'.
[  766.820208][    C1] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  767.383775][ T5957] rust_binder: Error while translating object.
[  767.383798][ T5957] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  767.390259][ T5957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:47
[  767.428849][ T5962] netlink: 'syz.4.12789': attribute type 27 has an invalid length.
[  767.561798][ T5976] netlink: 100 bytes leftover after parsing attributes in process `syz.9.12796'.
[  767.572728][ T5977] netlink: 100 bytes leftover after parsing attributes in process `syz.9.12796'.
[  767.897061][ T5996] 9pnet_fd: Insufficient options for proto=fd
[  768.330025][ T6033] overlayfs: failed to clone upperpath
[  768.330119][ T6034] overlayfs: failed to clone upperpath
[  768.342467][ T6033] netlink: 'syz.9.12816': attribute type 29 has an invalid length.
[  768.350513][ T6033] netlink: 8 bytes leftover after parsing attributes in process `syz.9.12816'.
[  768.740106][  T337] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  768.889663][  T337] usb 5-1: Using ep0 maxpacket: 16
[  768.896589][  T337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  768.907589][  T337] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  768.920565][  T337] usb 5-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[  768.929659][  T337] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.938333][  T337] usb 5-1: config 0 descriptor??
[  768.944614][  T337] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  769.144201][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.152820][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.160976][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.169593][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.178340][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.187981][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.197126][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.206365][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.215427][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.224806][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.241807][  T337] usb 5-1: USB disconnect, device number 62
[  769.375833][ T6055] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12823'.
[  769.386437][ T6055] bridge_slave_1: left allmulticast mode
[  769.392384][ T6055] bridge_slave_1: left promiscuous mode
[  769.398245][ T6055] bridge0: port 2(bridge_slave_1) entered disabled state
[  769.409761][ T6055] bridge_slave_0: left allmulticast mode
[  769.417165][ T6055] bridge_slave_0: left promiscuous mode
[  769.423400][ T6055] bridge0: port 1(bridge_slave_0) entered disabled state
[  770.296446][ T6091] rust_binder: Error while translating object.
[  770.296484][ T6091] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  770.302747][ T6091] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76
[  771.322089][ T6122] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  771.331362][ T6122] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:93
[  771.368736][ T6126] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  771.383876][ T6129] overlay: ./file0 is not a directory
[  771.907681][ T6155] rust_binder: Write failure EINVAL in pid:105
[  772.002259][   T36] audit: type=1326 audit(2000000009.031:128102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6166 comm="syz.7.12865" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa5ba38eec9 code=0x0
[  772.020974][ T6171] overlayfs: failed to clone lowerpath
[  772.132134][ T6159] rust_binder: validate_parent_fixup: new_min_offset=2147483684, sg_entry.length=233
[  772.132165][ T6159] rust_binder: Error while translating object.
[  772.142228][ T6159] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  772.148443][ T6159] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107
[  772.895872][ T6187] tc_dump_action: action bad kind
[  773.042838][ T6215] netlink: 8 bytes leftover after parsing attributes in process `syz.7.12880'.
[  773.053510][ T6215] overlayfs: failed to clone upperpath
[  773.597078][ T6223] rust_binder: 115: no such ref 3
[  773.602241][ T6223] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  773.609374][ T6223] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  773.616479][ T6223] rust_binder: 115: no such ref 0
[  773.666088][ T6230] SELinux:  Context system_u:object_r:inetd_exec_t:s0 is not valid (left unmapped).
[  773.677512][   T36] audit: type=1400 audit(2000000010.701:128103): avc:  denied  { relabelto } for  pid=6229 comm="syz.7.12886" name="76" dev="tmpfs" ino=438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  773.704923][   T36] audit: type=1400 audit(2000000010.701:128104): avc:  denied  { associate } for  pid=6229 comm="syz.7.12886" name="76" dev="tmpfs" ino=438 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:inetd_exec_t:s0"
[  773.732437][   T36] audit: type=1400 audit(2000000010.711:128105): avc:  denied  { write } for  pid=5589 comm="syz-executor" name="76" dev="tmpfs" ino=438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  773.758662][   T36] audit: type=1400 audit(2000000010.711:128106): avc:  denied  { remove_name } for  pid=5589 comm="syz-executor" name="binderfs" dev="tmpfs" ino=442 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  773.785872][   T36] audit: type=1400 audit(2000000010.711:128107): avc:  denied  { rmdir } for  pid=5589 comm="syz-executor" name="76" dev="tmpfs" ino=438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  773.909743][  T337] usb 5-1: new full-speed USB device number 63 using dummy_hcd
[  774.039729][  T337] usb 5-1: device descriptor read/64, error -71
[  774.240664][ T6254] 9pnet: p9_errstr2errno: server reported unknown error 2ê“’Û°|sdK
[  774.240664][ T6254] ŽNšâÝ÷Ho"¯×hb
[  774.279735][  T337] usb 5-1: device descriptor read/64, error -71
[  774.519755][  T337] usb 5-1: new full-speed USB device number 64 using dummy_hcd
[  774.649663][  T337] usb 5-1: device descriptor read/64, error -71
[  774.692338][ T6271] netlink: 'syz.2.12904': attribute type 30 has an invalid length.
[  774.711021][ T6273] netlink: 'syz.2.12905': attribute type 27 has an invalid length.
[  774.889670][  T337] usb 5-1: device descriptor read/64, error -71
[  774.960335][ T6284] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  774.969671][ T6284] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  774.999724][  T337] usb usb5-port1: attempt power cycle
[  775.041867][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12910'.
[  775.269837][ T6303] fuse: Bad value for 'fd'
[  775.339664][  T337] usb 5-1: new full-speed USB device number 65 using dummy_hcd
[  775.360738][  T337] usb 5-1: device descriptor read/8, error -71
[  775.490767][  T337] usb 5-1: device descriptor read/8, error -71
[  775.638997][   T36] audit: type=1326 audit(2000000012.661:128108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.7.12923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ba38eec9 code=0x7ffc0000
[  775.662776][   T36] audit: type=1326 audit(2000000012.661:128109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.7.12923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ba38eec9 code=0x7ffc0000
[  775.686992][   T36] audit: type=1326 audit(2000000012.671:128110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.7.12923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa5ba38d710 code=0x7ffc0000
[  775.711229][   T36] audit: type=1326 audit(2000000012.671:128111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.7.12923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa5ba38d710 code=0x7ffc0000
[  775.739648][  T337] usb 5-1: new full-speed USB device number 66 using dummy_hcd
[  775.760656][  T337] usb 5-1: device descriptor read/8, error -71
[  775.890681][  T337] usb 5-1: device descriptor read/8, error -71
[  775.999739][  T337] usb usb5-port1: unable to enumerate USB device
[  776.799030][ T6367] input: syz0 as /devices/virtual/input/input53
[  776.820805][ T6371] /dev/rnullb0: Can't open blockdev
[  776.971775][ T6378] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1539 sclass=netlink_audit_socket pid=6378 comm=syz.2.12942
[  776.985149][ T6378] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6378 comm=syz.2.12942
[  777.229673][  T338] usb 5-1: new low-speed USB device number 67 using dummy_hcd
[  777.380679][  T338] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  777.389811][  T338] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.398578][  T338] usb 5-1: config 0 descriptor??
[  777.805124][ T6376] cgroup: Need name or subsystem set
[  777.961972][ T6420] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  778.159804][ T6422] netlink: 280 bytes leftover after parsing attributes in process `syz.7.12958'.
[  778.620868][ T6457] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  778.629251][ T6457] overlayfs: missing 'lowerdir'
[  778.713396][ T6464] fuseblk: Unknown parameter 'appraise_type'
[  779.838617][ T6524] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12993'.
[  779.892720][  T338] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  779.910211][  T338] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  779.934348][  T338] asix 5-1:0.0: probe with driver asix failed with error -71
[  779.942876][  T338] usb 5-1: USB disconnect, device number 67
[  780.078152][ T6538] netlink: 'syz.4.12997': attribute type 27 has an invalid length.
[  780.573586][ T6560] Invalid ELF header magic: != ELF
[  780.914062][ T6581] /dev/loop0: Can't lookup blockdev
[  781.189647][   T10] usb 5-1: new full-speed USB device number 68 using dummy_hcd
[  781.340394][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  781.348950][   T10] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  781.357958][   T10] usb 5-1: config 1 has no interface number 1
[  781.364127][   T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  781.378341][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  781.387658][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.395911][   T10] usb 5-1: Product: syz
[  781.400135][   T10] usb 5-1: Manufacturer: syz
[  781.404789][   T10] usb 5-1: SerialNumber: syz
[  781.611695][ T6585] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  781.611758][ T6585] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:142
[  781.621643][ T6585] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  781.630910][ T6585] rust_binder: Read failure Err(EFAULT) in pid:142
[  781.639361][ T6585] rust_binder: Error while translating object.
[  781.645988][ T6585] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  781.652276][ T6585] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:142
[  781.666009][   T10] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  781.687667][   T10] usb 5-1: failed to enable PITCH for EP 0x82
[  781.702279][   T10] usb 5-1: USB disconnect, device number 68
[  781.711444][ T6598] 9pnet_fd: Insufficient options for proto=fd
[  781.723273][T31873] udevd[31873]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  782.185130][ T6622] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13025'.
[  782.199436][ T6622] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  782.207112][ T6622] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  782.214197][ T6622] rust_binder: 144: no such ref 1
[  782.219254][ T6622] rust_binder: 144: no such ref 3
[  782.224542][ T6622] rust_binder: 144: no such ref 1
[  782.229770][ T6622] rust_binder: Error while translating object.
[  782.229798][ T6622] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  782.235978][ T6622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:144
[  782.246116][ T6622] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  782.391911][ T6636] rust_binder: 150: no such ref 0
[  782.397200][ T6636] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0
[  782.404434][ T6636] rust_binder: Write failure EINVAL in pid:150
[  782.426356][   T36] kauditd_printk_skb: 8 callbacks suppressed
[  782.426374][   T36] audit: type=1400 audit(2000000019.451:128120): avc:  denied  { remount } for  pid=6637 comm="syz.4.13031" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  782.435907][ T6638] rust_binder: Error in use_page_slow: ESRCH
[  782.452977][ T6639] rust_binder: Error in use_page_slow: ESRCH
[  782.459091][ T6639] rust_binder: use_range failure ESRCH
[  782.465325][ T6639] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  782.470980][ T6638] rust_binder: use_range failure ESRCH
[  782.479049][ T6639] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  782.485072][ T6639] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:152
[  782.494855][ T6638] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  782.504532][ T6638] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  782.504549][ T6642] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  782.514069][ T6641] netlink: 7 bytes leftover after parsing attributes in process `syz.2.13032'.
[  782.522344][ T6638] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:152
[  782.549590][   T36] audit: type=1400 audit(2000000019.571:128121): avc:  denied  { unmount } for  pid=5539 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  782.566653][ T6644] overlayfs: failed to clone upperpath
[  782.586561][   T36] audit: type=1326 audit(2000000019.611:128122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6643 comm="syz.2.13033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc53698eec9 code=0x0
[  782.809645][  T610] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  782.959636][  T610] usb 5-1: Using ep0 maxpacket: 32
[  782.965968][  T610] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  782.974451][  T610] usb 5-1: config 0 has no interface number 0
[  782.980601][  T610] usb 5-1: config 0 interface 184 has no altsetting 0
[  782.988883][  T610] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  782.998094][  T610] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.006134][  T610] usb 5-1: Product: syz
[  783.010350][  T610] usb 5-1: Manufacturer: syz
[  783.014956][  T610] usb 5-1: SerialNumber: syz
[  783.020757][  T610] usb 5-1: config 0 descriptor??
[  783.026553][  T610] smsc75xx v1.0.0
[  783.418638][ T6660] 9pnet_fd: Insufficient options for proto=fd
[  783.427486][ T6646] /dev/rnullb0: Can't open blockdev
[  783.841007][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  783.852020][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  783.861497][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  783.872348][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  783.882072][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  783.892375][  T610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  783.901873][  T610] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  783.911228][  T610] usb 5-1: USB disconnect, device number 69
[  784.240000][ T6708] overlayfs: failed to clone upperpath
[  784.413713][ T6720] netlink: 1347 bytes leftover after parsing attributes in process `syz.4.13061'.
[  784.423578][ T6720] fuseblk: Bad value for 'group_id'
[  784.428820][ T6720] fuseblk: Bad value for 'group_id'
[  784.452719][ T6722] rust_binder: Error while translating object.
[  784.452768][ T6722] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  784.459008][ T6722] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:162
[  784.599124][ T6732] rust_binder: Error in use_page_slow: ESRCH
[  784.608427][ T6732] rust_binder: use_range failure ESRCH
[  784.614575][ T6732] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  784.620140][ T6732] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  784.628444][ T6732] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:166
[  784.638634][ T6732] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  784.704498][ T6744] rust_binder: Error while translating object.
[  784.704545][ T6744] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  784.710884][ T6744] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:176
[  784.750465][ T6752] rust_binder: Write failure EFAULT in pid:183
[  784.798907][ T6756] overlayfs: failed to clone upperpath
[  785.091378][ T6762] netlink: 'syz.7.13075': attribute type 58 has an invalid length.
[  785.234034][ T6767] netlink: 'syz.2.13077': attribute type 4 has an invalid length.
[  785.241947][ T6767] netlink: 17 bytes leftover after parsing attributes in process `syz.2.13077'.
[  785.517782][ T6807] 9pnet_fd: Insufficient options for proto=fd
[  785.653528][ T6820] netlink: 4 bytes leftover after parsing attributes in process `syz.9.13095'.
[  785.814866][   T36] audit: type=1400 audit(2000000022.841:128123): avc:  denied  { setattr } for  pid=6834 comm="syz.4.13101" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  786.356515][ T6872] netlink: 132 bytes leftover after parsing attributes in process `syz.9.13113'.
[  786.668306][ T6883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.676968][ T6883] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.848686][   T36] audit: type=1326 audit(2000000023.871:128124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6885 comm="syz.2.13118" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc53698eec9 code=0x0
[  786.899657][  T905] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  787.049649][  T905] usb 5-1: Using ep0 maxpacket: 32
[  787.056199][  T905] usb 5-1: config 0 has no interfaces?
[  787.063092][  T905] usb 5-1: New USB device found, idVendor=0cf3, idProduct=817a, bcdDevice=eb.19
[  787.072247][  T905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.080276][  T905] usb 5-1: Product: syz
[  787.084471][  T905] usb 5-1: Manufacturer: syz
[  787.089084][  T905] usb 5-1: SerialNumber: syz
[  787.094492][  T905] usb 5-1: config 0 descriptor??
[  787.131751][ T6901] netlink: 'syz.7.13123': attribute type 4 has an invalid length.
[  787.139759][ T6901] netlink: 992 bytes leftover after parsing attributes in process `syz.7.13123'.
[  787.161403][ T6904] ------------[ cut here ]------------
[  787.166942][ T6904] WARNING: CPU: 0 PID: 6904 at mm/page_alloc.c:5228 __alloc_pages_noprof+0xe8/0x7b0
[  787.176420][ T6904] Modules linked in:
[  787.180364][ T6904] CPU: 0 UID: 0 PID: 6904 Comm: syz.7.13124 Not tainted syzkaller #0 c28964d659af56c9aa0a1d789b6c5ee0e7b35bd1
[  787.192058][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  787.202366][ T6904] RIP: 0010:__alloc_pages_noprof+0xe8/0x7b0
[  787.208383][ T6904] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 22 1f ee 05 00 0f 85 be 00 00 00 c6 05 15 1f ee 05 01 <0f> 0b 31 c0 e9 b0 00 00 00 83 fb 0a 0f 87 a5 00 00 00 44 8b 64 24
[  787.228036][ T6904] RSP: 0018:ffffc9000152f880 EFLAGS: 00010246
[  787.234161][ T6904] RAX: 0000000000000000 RBX: 000000000000001f RCX: 0000000000000000
[  787.242191][ T6904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000152f938
[  787.250243][ T6904] RBP: ffffc9000152f9a8 R08: ffffc9000152f937 R09: 0000000000000000
[  787.258225][ T6904] R10: ffffc9000152f920 R11: fffff520002a5f27 R12: ffffc9000152f8c0
[  787.266236][ T6904] R13: dffffc0000000000 R14: 1ffff920002a5f14 R15: 0000000000000000
[  787.274275][ T6904] FS:  00007fa5bb1536c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  787.283255][ T6904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  787.289906][ T6904] CR2: 0000200000001000 CR3: 0000000160f8e000 CR4: 00000000003526b0
[  787.297903][ T6904] Call Trace:
[  787.301419][ T6904]  <TASK>
[  787.304373][ T6904]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  787.310564][ T6904]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  787.316320][ T6904]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  787.321997][ T6904]  ___kmalloc_large_node+0x81/0x220
[  787.327225][ T6904]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  787.332919][ T6904]  __kmalloc_large_node_noprof+0x1e/0xe0
[  787.338616][ T6904]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  787.344313][ T6904]  __kmalloc_noprof+0x26d/0x450
[  787.349184][ T6904]  incfs_realloc_mount_info+0xa7/0x4d0
[  787.354676][ T6904]  ? incfs_add_sysfs_node+0x118/0x240
[  787.360112][ T6904]  incfs_alloc_mount_info+0x479/0x600
[  787.365500][ T6904]  incfs_mount_fs+0x3ca/0x960
[  787.370256][ T6904]  ? __cfi_incfs_mount_fs+0x10/0x10
[  787.375488][ T6904]  ? vfs_parse_fs_string+0x102/0x170
[  787.380813][ T6904]  ? selinux_capable+0x38/0x50
[  787.385640][ T6904]  legacy_get_tree+0x103/0x1b0
[  787.390480][ T6904]  ? __cfi_incfs_mount_fs+0x10/0x10
[  787.395711][ T6904]  vfs_get_tree+0xa1/0x290
[  787.400193][ T6904]  do_new_mount+0x251/0xb40
[  787.404716][ T6904]  ? security_capable+0xcf/0xf0
[  787.409658][ T6904]  path_mount+0x688/0x1050
[  787.414108][ T6904]  ? putname+0x113/0x150
[  787.418367][ T6904]  __se_sys_mount+0x2bd/0x480
[  787.423185][ T6904]  ? __x64_sys_mount+0xf0/0xf0
[  787.427978][ T6904]  __x64_sys_mount+0xc3/0xf0
[  787.432613][ T6904]  x64_sys_call+0x2021/0x2ee0
[  787.437326][ T6904]  do_syscall_64+0x58/0xf0
[  787.441785][ T6904]  ? clear_bhb_loop+0x50/0xa0
[  787.446502][ T6904]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  787.452473][ T6904] RIP: 0033:0x7fa5ba38eec9
[  787.456926][ T6904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  787.476588][ T6904] RSP: 002b:00007fa5bb153038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  787.485057][ T6904] RAX: ffffffffffffffda RBX: 00007fa5ba5e6090 RCX: 00007fa5ba38eec9
[  787.493086][ T6904] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 00002000000000c0
[  787.501109][ T6904] RBP: 00007fa5ba411f91 R08: 0000200000000280 R09: 0000000000000000
[  787.509110][ T6904] R10: 0000000001010040 R11: 0000000000000246 R12: 0000000000000000
[  787.517217][ T6904] R13: 00007fa5ba5e6128 R14: 00007fa5ba5e6090 R15: 00007ffca7ddefc8
[  787.525261][ T6904]  </TASK>
[  787.528291][ T6904] ---[ end trace 0000000000000000 ]---
[  787.534142][ T6904] incfs: Error allocating mount info. -12
[  787.540012][ T6904] incfs: mount failed -12
[  787.541027][  T905] usb 5-1: USB disconnect, device number 70